From b869201fde0e40cac74fac3bfe22a5aa67c62b2e Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Tue, 15 Oct 2019 09:17:59 -0700 Subject: [PATCH 01/98] Update for ADMX Ingestion Refresh Added Chormium Edge regkey to whitelist Added KB info to support Refresh --- .../win32-and-centennial-app-policy-configuration.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 7137215434..f1a655109c 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -23,7 +23,13 @@ ms.date: 06/26/2017 ## Overview -Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. +Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. + +NOTE: Starting from the following Windows 10 version Replace command is supported +- Windows 10, version 1903 with KB4512941 and KB4517211 installed +- Windows 10, version 1809 with KB4512534 and KB installed +- Windows 10, version 1803 with KB4512509 and KB installed +- Windows 10, version 1709 with KB4516071 and KB installed When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations: @@ -46,6 +52,8 @@ When the ADMX policies are imported, the registry keys to which each policy is w - software\microsoft\exchange\ - software\policies\microsoft\vba\security\ - software\microsoft\onedrive +- software\Microsoft\Edge +- Software\Microsoft\EdgeUpdate\ ## Ingesting an app ADMX file From 58ebfeec8318fb806c7fbca2230a3e09284ba7fe Mon Sep 17 00:00:00 2001 From: illfated Date: Sun, 6 Oct 2019 01:17:09 +0200 Subject: [PATCH 02/98] WHfB/certutil: Add command args comma separators Description: As reported & discussed in issue ticket #5089 (Certutil command wrong), the certutil command modifiers need to be in a comma separated list, otherwise you will get the error message "too many arguments". This behavior has been verified by TechNet moderator Steven_Lee0510: https://social.technet.microsoft.com/Forums/windowsserver/en-US/847c13d5-a32e-4799-bb83-2f8ead98a069/certutil-too-many-arguments?forum=winserversecurity Thanks to Digiroka for reporting and pointing out this issue. Proposed changes: - replace the modifier/argument spaces with commas - add missing MD compatibility spacing in 2 MarkDown notes issue ticket closure or reference: Closes #5089 --- .../hello-hybrid-cert-whfb-settings-pki.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 1cf7fcb2cd..804d8a9ca6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -77,8 +77,8 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. ->[!NOTE] ->The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail. +> [!NOTE] +> The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail. ### Enrollment Agent certificate template @@ -150,10 +150,10 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials. 1. Open an elevated command prompt. -2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY` +2. Run `certutil -dsTemplate WHFBAuthentication,msPKI-Private-Key-Flag,+CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY` ->[!NOTE] ->If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority. +> [!NOTE] +> If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority. ## Publish Templates From 512b1286565c081177d4a38d36b1c7374b339d9a Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 25 Oct 2019 15:47:41 +0500 Subject: [PATCH 03/98] Added a link to for security key providers I have updated the link to point to the page where some of the vendors are listed. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5226 --- .../hello-for-business/microsoft-compatible-security-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 3878a9b907..99d02689bd 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -21,7 +21,7 @@ ms.reviewer: > Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. +Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See [FIDO2 security keys features and providers](https://docs.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys). The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience. From 278db770612f7ff2291518b2d72e943ffbb957cc Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 29 Oct 2019 12:39:03 +0500 Subject: [PATCH 04/98] Added a link Added a link to direct users to a page where all of the services and their URLs are mentioned. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5231 --- windows/privacy/manage-windows-1809-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index ca7e93d18b..9716cb4a2e 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -398,7 +398,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o ## Windows Defender The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For detailed list of Windows Defender Antivirus cloud service connections see [Allow connections to the Windows Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). | Source process | Protocol | Destination | |----------------|----------|------------| From 2cffaf35460c90f38c86576a2e73b0bfcebcd4b8 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Tue, 29 Oct 2019 13:14:48 -0700 Subject: [PATCH 05/98] metadata updates --- devices/hololens/hololens-environment-considerations.md | 4 ++-- devices/hololens/hololens-offline.md | 2 +- devices/hololens/hololens-recovery.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/hololens-environment-considerations.md b/devices/hololens/hololens-environment-considerations.md index fd573a27c0..8273a1bd05 100644 --- a/devices/hololens/hololens-environment-considerations.md +++ b/devices/hololens/hololens-environment-considerations.md @@ -9,9 +9,9 @@ ms.date: 8/29/2019 ms.prod: hololens ms.topic: article audience: ITPro -ms.localizationpriority: medium +ms.localizationpriority: high appliesto: -- HoloLens 1 +- HoloLens (1st gen) - HoloLens 2 --- diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md index daf928dd5e..6ee4fb35c1 100644 --- a/devices/hololens/hololens-offline.md +++ b/devices/hololens/hololens-offline.md @@ -11,7 +11,7 @@ manager: v-miegge ms.topic: article ms.prod: hololens ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: high appliesto: - HoloLens (1st gen) - HoloLens 2 diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index 67541da523..0585bf89f7 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -9,7 +9,7 @@ author: mattzmsft ms.author: mazeller ms.date: 08/30/2019 ms.topic: article -ms.localizationpriority: +ms.localizationpriority: high manager: jarrettr appliesto: - HoloLens (1st gen) From 7d108fc88ebffb76252e246bfb477c189921a64b Mon Sep 17 00:00:00 2001 From: rwinj <27970582+rwinj@users.noreply.github.com> Date: Tue, 29 Oct 2019 13:41:43 -0700 Subject: [PATCH 06/98] lower case g in HoloLens (1st gen) --- devices/hololens/hololens1-hardware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md index aced822bd4..b10c64486f 100644 --- a/devices/hololens/hololens1-hardware.md +++ b/devices/hololens/hololens1-hardware.md @@ -15,7 +15,7 @@ appliesto: - HoloLens (1st gen) --- -# HoloLens (1st Gen) hardware +# HoloLens (1st gen) hardware ![Microsoft HoloLens (1st gen)](images/see-through-400px.jpg) From eef58a76bb62ba327cb8231da15de2d12e1cef3f Mon Sep 17 00:00:00 2001 From: Andres Ravinet <39545334+andresravinet@users.noreply.github.com> Date: Tue, 29 Oct 2019 19:35:27 -0400 Subject: [PATCH 07/98] Update add-devices.md Windows Autopilot information page URL is out of date. --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index b76cb0ec72..81e02c2620 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -27,7 +27,7 @@ Before deploying a device using Windows Autopilot, the device must be registered ## OEM registration -When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/windowsforbusiness/windows-autopilot). +When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/en-us/microsoft-365/windows/windows-autopilot). Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization). From 3d47f9af21f2f71dde0e95aed1218de16de69aac Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Tue, 29 Oct 2019 23:14:34 -0400 Subject: [PATCH 08/98] Windows Server Licensing Note Removed the licensing note in ASC Added note at the start of the document to mention the licensing requirement for MDATP on a Windows Server OS platform --- .../microsoft-defender-atp/configure-server-endpoints.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 7e89edf437..03653f97f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -43,6 +43,9 @@ The service supports the onboarding of the following servers: For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). +>[!NOTE] +>An Azure Security Center Standard license is required, per node, to enroll Microsoft Defender ATP on a supported Windows Server platform, see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services) + ## Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP: @@ -178,9 +181,6 @@ Support for Windows Server, version 1803 and Windows 2019 provides deeper insigh ## Integration with Azure Security Center Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers. ->[!NOTE] ->You'll need to have the appropriate license to enable this feature. - The following capabilities are included in this integration: - Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). From 2ef0b48709c572deadcd6328540d77de6f8f6af7 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 30 Oct 2019 13:43:42 +0500 Subject: [PATCH 09/98] Update windows/privacy/manage-windows-1809-endpoints.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/privacy/manage-windows-1809-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 9716cb4a2e..d096e3ff63 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -398,7 +398,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o ## Windows Defender The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For detailed list of Windows Defender Antivirus cloud service connections see [Allow connections to the Windows Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Windows Defender Antivirus cloud service connections, see [Allow connections to the Windows Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). | Source process | Protocol | Destination | |----------------|----------|------------| From 4318ff141740aaf883994f20d1943609144fbcfd Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 30 Oct 2019 04:38:45 -0600 Subject: [PATCH 10/98] Removing table 7 references and add it an external link where is the full table. --- windows/security/threat-protection/auditing/event-4738.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index faa3dcf853..370f81910c 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -196,7 +196,7 @@ Typical **Primary Group** values for user accounts: - **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. If the value of **userAccountControl** attribute of user object was changed, you will see the new value here. -To decode this value, you can go through the property value definitions in the “Table 7. User’s or Computer’s account UAC flags.” from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. +To decode this value, you can go through the property value definitions in the ["[User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. Here's an example: Flags value from event: 0x15 @@ -226,7 +226,7 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: “Table 7. User’s or Computer’s account UAC flags.”. In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: ["[User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. - **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. From e11e6577882d0e8d51e75f4892a9f49ec21a846c Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 30 Oct 2019 04:41:30 -0600 Subject: [PATCH 11/98] Corrections typos --- windows/security/threat-protection/auditing/event-4738.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 370f81910c..c02d227f15 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -196,7 +196,7 @@ Typical **Primary Group** values for user accounts: - **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. If the value of **userAccountControl** attribute of user object was changed, you will see the new value here. -To decode this value, you can go through the property value definitions in the ["[User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. +To decode this value, you can go through the property value definitions in the ["User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. Here's an example: Flags value from event: 0x15 @@ -226,7 +226,7 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: ["[User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. - **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. From ecff6cd6f8a80e45cc794002d4c4ca04943c453d Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 30 Oct 2019 04:49:22 -0600 Subject: [PATCH 12/98] Added important note #5032 --- .../import-export-exploit-protection-emet-xml.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index c46302a04f..5e02af1092 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -53,6 +53,11 @@ When you have configured exploit protection to your desired state (including bot 3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved. +>[!IMPORTANT] +> If you want to use Default configuration use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file. +> + + ![Highlight of the Export Settings option](../images/wdsc-exp-prot-export.png) > [!NOTE] From e5f4610204359fae31f02d93eac3fc703974d2bc Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 30 Oct 2019 05:19:54 -0600 Subject: [PATCH 13/98] Added missing " --- windows/security/threat-protection/auditing/event-4738.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index c02d227f15..7f5810c9b2 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -226,7 +226,7 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: ["User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. - **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. From 7e5daa182dc521d71a8592184d88816107c61e88 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Wed, 30 Oct 2019 08:48:21 -0700 Subject: [PATCH 14/98] Set locpri to "high" --- devices/hololens/holographic-3d-viewer-beta.md | 2 +- devices/hololens/holographic-store-apps.md | 2 +- devices/hololens/hololens-connect-devices.md | 2 +- devices/hololens/hololens-spaces.md | 2 +- devices/hololens/hololens-status.md | 2 +- devices/hololens/hololens1-clicker.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md index 0aada1fe55..e2118fa2d0 100644 --- a/devices/hololens/holographic-3d-viewer-beta.md +++ b/devices/hololens/holographic-3d-viewer-beta.md @@ -6,7 +6,7 @@ ms.sitesec: library author: Teresa-Motiv ms.author: v-tea ms.topic: article -ms.localizationpriority: medium +ms.localizationpriority: high ms.date: 9/3/19 ms.reviewer: manager: jarrettr diff --git a/devices/hololens/holographic-store-apps.md b/devices/hololens/holographic-store-apps.md index 6d0e0d820a..2e91d32051 100644 --- a/devices/hololens/holographic-store-apps.md +++ b/devices/hololens/holographic-store-apps.md @@ -11,7 +11,7 @@ ms.sitesec: library author: mattzmsft ms.author: mazeller ms.topic: article -ms.localizationpriority: medium +ms.localizationpriority: high appliesto: - HoloLens (1st gen) - HoloLens 2 diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md index 6e8f48fa30..4d8816617c 100644 --- a/devices/hololens/hololens-connect-devices.md +++ b/devices/hololens/hololens-connect-devices.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Teresa-Motiv ms.author: v-tea ms.topic: article -ms.localizationpriority: medium +ms.localizationpriority: high ms.date: 9/13/2019 manager: jarrettr appliesto: diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md index b8f98ea416..26790eacca 100644 --- a/devices/hololens/hololens-spaces.md +++ b/devices/hololens/hololens-spaces.md @@ -9,7 +9,7 @@ keywords: hololens, Windows Mixed Reality, design, spatial mapping, HoloLens, su ms.prod: hololens ms.sitesec: library ms.topic: article -ms.localizationpriority: medium +ms.localizationpriority: high appliesto: - HoloLens 1 (1st gen) - HoloLens 2 diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md index 9438c6d9d2..0844b22cad 100644 --- a/devices/hololens/hololens-status.md +++ b/devices/hololens/hololens-status.md @@ -8,7 +8,7 @@ manager: jarrettr audience: Admin ms.topic: article ms.prod: hololens -ms.localizationpriority: Medium +ms.localizationpriority: high ms.sitesec: library --- diff --git a/devices/hololens/hololens1-clicker.md b/devices/hololens/hololens1-clicker.md index 9e8d26b69d..9da6a40ba5 100644 --- a/devices/hololens/hololens1-clicker.md +++ b/devices/hololens/hololens1-clicker.md @@ -10,7 +10,7 @@ ms.sitesec: library author: v-miegge ms.author: v-miegge ms.topic: article -ms.localizationpriority: medium +ms.localizationpriority: high appliesto: - HoloLens (1st gen) --- From 28b044ae91a22d08619f9f3cbee39cb261204f7c Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Wed, 30 Oct 2019 15:15:24 -0700 Subject: [PATCH 15/98] metadata fixes --- devices/hololens/holographic-3d-viewer-beta.md | 2 +- devices/hololens/holographic-store-apps.md | 4 ++-- devices/hololens/hololens-connect-devices.md | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md index e2118fa2d0..c51e16639a 100644 --- a/devices/hololens/holographic-3d-viewer-beta.md +++ b/devices/hololens/holographic-3d-viewer-beta.md @@ -7,7 +7,7 @@ author: Teresa-Motiv ms.author: v-tea ms.topic: article ms.localizationpriority: high -ms.date: 9/3/19 +ms.date: 09/03/19 ms.reviewer: manager: jarrettr appliesto: diff --git a/devices/hololens/holographic-store-apps.md b/devices/hololens/holographic-store-apps.md index 2e91d32051..085f14c50e 100644 --- a/devices/hololens/holographic-store-apps.md +++ b/devices/hololens/holographic-store-apps.md @@ -3,7 +3,7 @@ title: Find, install, and uninstall applications description: The Microsoft Store is your source for apps and games that work with HoloLens. Learn more about finding, installing, and uninstalling holographic apps. ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435 ms.reviewer: v-miegge -ms.date: 8/30/2019 +ms.date: 08/30/2019 manager: jarrettr keywords: hololens, store, uwp, app, install ms.prod: hololens @@ -33,7 +33,7 @@ Open the Microsoft Store from the **Start** menu. Then browse for apps and games ## Install apps -To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](http://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**. +To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**. 1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist. 2. Select the Store app and then tap to place this tile into your world. diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md index 4d8816617c..bbe2dad4d3 100644 --- a/devices/hololens/hololens-connect-devices.md +++ b/devices/hololens/hololens-connect-devices.md @@ -8,7 +8,7 @@ author: Teresa-Motiv ms.author: v-tea ms.topic: article ms.localizationpriority: high -ms.date: 9/13/2019 +ms.date: 09/13/2019 manager: jarrettr appliesto: - HoloLens (1st gen) @@ -34,7 +34,7 @@ Classes of Bluetooth devices supported by HoloLens (1st gen): - HoloLens (1st gen) clicker > [!NOTE] -> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660). +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](https://go.microsoft.com/fwlink/p/?LinkId=746660). ### Pair a Bluetooth keyboard or mouse From d91b202387d78afcc26f34757ff40b0a223625c1 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Wed, 30 Oct 2019 15:30:10 -0700 Subject: [PATCH 16/98] Metadata edit --- devices/hololens/holographic-3d-viewer-beta.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md index c51e16639a..bf0965b960 100644 --- a/devices/hololens/holographic-3d-viewer-beta.md +++ b/devices/hololens/holographic-3d-viewer-beta.md @@ -7,7 +7,7 @@ author: Teresa-Motiv ms.author: v-tea ms.topic: article ms.localizationpriority: high -ms.date: 09/03/19 +ms.date: 09/03/2019 ms.reviewer: manager: jarrettr appliesto: From fcfc8339cc4164b528f19289d00cb15a28d2e09f Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Wed, 30 Oct 2019 19:30:02 -0600 Subject: [PATCH 17/98] Update windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../import-export-exploit-protection-emet-xml.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index 5e02af1092..d0721eb9b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -53,7 +53,7 @@ When you have configured exploit protection to your desired state (including bot 3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved. ->[!IMPORTANT] +> [!IMPORTANT] > If you want to use Default configuration use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file. > From 495f0772edd9fc5024ec51312926b5f131942bc9 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Wed, 30 Oct 2019 19:30:13 -0600 Subject: [PATCH 18/98] Update windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../import-export-exploit-protection-emet-xml.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index d0721eb9b6..7bc2bbdc0a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -57,7 +57,6 @@ When you have configured exploit protection to your desired state (including bot > If you want to use Default configuration use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file. > - ![Highlight of the Export Settings option](../images/wdsc-exp-prot-export.png) > [!NOTE] From ba4430f4e1bbf327ec77e7c2120b70a602a621da Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 31 Oct 2019 16:49:31 +0500 Subject: [PATCH 19/98] Added a log file for setupapi.dev.log Added a log file against user suggestion on problem https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4043 --- windows/deployment/upgrade/log-files.md | 90 ++++++++++++++++++++++++- 1 file changed, 89 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 0214e53ad8..ddb3d63a10 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -9,7 +9,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.localizationpriority: medium ms.topic: article --- @@ -159,6 +160,93 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f 27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C +
setupapi.dev.log content: + +
+>>>  [Device Install (UpdateDriverForPlugAndPlayDevices) - PCI\VEN_8086&DEV_8C4F]
+>>>  Section start 2019/09/26 20:13:01.623
+      cmd: rundll32.exe "C:\WINDOWS\Installer\MSI6E4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_95972906 484 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.InstallDrivers
+     ndv: INF path: C:\WINDOWS\TEMP\{15B1CD41-69F5-48EA-9F45-0560A40FE2D8}\Drivers\lynxpoint\LynxPointSystem.inf
+     ndv: Install flags: 0x00000000
+     ndv: {Update Device Driver - PCI\VEN_8086&DEV_8C4F&SUBSYS_05BE1028&REV_04\3&11583659&0&F8}
+     ndv:      Search options: 0x00000081
+     ndv:      Searching single INF 'C:\WINDOWS\TEMP\{15B1CD41-69F5-48EA-9F45-0560A40FE2D8}\Drivers\lynxpoint\LynxPointSystem.inf'
+     dvi:      {Build Driver List} 20:13:01.643
+     dvi:           Searching for hardware ID(s):
+     dvi:                pci\ven_8086&dev_8c4f&subsys_05be1028&rev_04
+     dvi:                pci\ven_8086&dev_8c4f&subsys_05be1028
+     dvi:                pci\ven_8086&dev_8c4f&cc_060100
+     dvi:                pci\ven_8086&dev_8c4f&cc_0601
+     dvi:           Searching for compatible ID(s):
+     dvi:                pci\ven_8086&dev_8c4f&rev_04
+     dvi:                pci\ven_8086&dev_8c4f
+     dvi:                pci\ven_8086&cc_060100
+     dvi:                pci\ven_8086&cc_0601
+     dvi:                pci\ven_8086
+     dvi:                pci\cc_060100
+     dvi:                pci\cc_0601
+     sig:           {_VERIFY_FILE_SIGNATURE} 20:13:01.667
+     sig:                Key      = lynxpointsystem.inf
+     sig:                FilePath = c:\windows\temp\{15b1cd41-69f5-48ea-9f45-0560a40fe2d8}\drivers\lynxpoint\lynxpointsystem.inf
+     sig:                Catalog  = c:\windows\temp\{15b1cd41-69f5-48ea-9f45-0560a40fe2d8}\drivers\lynxpoint\LynxPoint.cat
+     sig:                Success: File is signed in catalog.
+     sig:           {_VERIFY_FILE_SIGNATURE exit(0x00000000)} 20:13:01.683
+     dvi:           Created Driver Node:
+     dvi:                HardwareID   - PCI\VEN_8086&DEV_8C4F
+     dvi:                InfName      - c:\windows\temp\{15b1cd41-69f5-48ea-9f45-0560a40fe2d8}\drivers\lynxpoint\lynxpointsystem.inf
+     dvi:                DevDesc      - Intel(R) QM87 LPC Controller - 8C4F
+     dvi:                Section      - Needs_ISAPNP_DRV
+     dvi:                Rank         - 0x00ff2001
+     dvi:                Signer Score - WHQL
+     dvi:                DrvDate      - 04/04/2016
+     dvi:                Version      - 10.1.1.18
+     dvi:      {Build Driver List - exit(0x00000000)} 20:13:01.699
+     ndv:      Searching currently installed INF
+     dvi:      {Build Driver List} 20:13:01.699
+     dvi:           Searching for hardware ID(s):
+     dvi:                pci\ven_8086&dev_8c4f&subsys_05be1028&rev_04
+     dvi:                pci\ven_8086&dev_8c4f&subsys_05be1028
+     dvi:                pci\ven_8086&dev_8c4f&cc_060100
+     dvi:                pci\ven_8086&dev_8c4f&cc_0601
+     dvi:           Searching for compatible ID(s):
+     dvi:                pci\ven_8086&dev_8c4f&rev_04
+     dvi:                pci\ven_8086&dev_8c4f
+     dvi:                pci\ven_8086&cc_060100
+     dvi:                pci\ven_8086&cc_0601
+     dvi:                pci\ven_8086
+     dvi:                pci\cc_060100
+     dvi:                pci\cc_0601
+     dvi:           Created Driver Node:
+     dvi:                HardwareID   - PCI\VEN_8086&DEV_8C4F
+     dvi:                InfName      - C:\WINDOWS\System32\DriverStore\FileRepository\lynxpointsystem.inf_amd64_cd1e518d883ecdfe\lynxpointsystem.inf
+     dvi:                DevDesc      - Intel(R) QM87 LPC Controller - 8C4F
+     dvi:                Section      - Needs_ISAPNP_DRV
+     dvi:                Rank         - 0x00ff2001
+     dvi:                Signer Score - WHQL
+     dvi:                DrvDate      - 10/03/2016
+     dvi:                Version      - 10.1.1.38
+     dvi:      {Build Driver List - exit(0x00000000)} 20:13:01.731
+     dvi:      {DIF_SELECTBESTCOMPATDRV} 20:13:01.731
+     dvi:           Default installer: Enter 20:13:01.735
+     dvi:                {Select Best Driver}
+     dvi:                     Class GUID of device changed to: {4d36e97d-e325-11ce-bfc1-08002be10318}.
+     dvi:                     Selected Driver:
+     dvi:                          Description - Intel(R) QM87 LPC Controller - 8C4F
+     dvi:                          InfFile     - c:\windows\system32\driverstore\filerepository\lynxpointsystem.inf_amd64_cd1e518d883ecdfe\lynxpointsystem.inf
+     dvi:                          Section     - Needs_ISAPNP_DRV
+     dvi:                {Select Best Driver - exit(0x00000000)}
+     dvi:           Default installer: Exit
+     dvi:      {DIF_SELECTBESTCOMPATDRV - exit(0x00000000)} 20:13:01.743
+     ndv:      Currently Installed Driver:
+     ndv:           Inf Name       - oem1.inf
+     ndv:           Driver Date    - 10/03/2016
+     ndv:           Driver Version - 10.1.1.38
+     ndv: {Update Device Driver - exit(00000103)}
+!    ndv: No better matching drivers found for device 'PCI\VEN_8086&DEV_8C4F&SUBSYS_05BE1028&REV_04\3&11583659&0&F8'.
+!    ndv: No devices were updated.
+<<<  Section end 2019/09/26 20:13:01.759
+<<<  [Exit status: FAILURE(0xC1900101)]
+

This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. From 67996ef6ca9272b93a5a9ab0964e16997c2127f6 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 31 Oct 2019 19:31:57 +0530 Subject: [PATCH 20/98] Incorrect records due to extra space in the URLs #5275 the following domain address blank gaps are fixed --- .../microsoft-defender-atp/configure-proxy-internet.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 95e0136a97..4b60b485be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -111,7 +111,8 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec -|- Common URLs for all locations | ```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com``` European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net``` -United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod. blob.core.windows.net```
```ussuk1westprod. blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod. blob.core.windows.net```
```wsuk1westprod. blob.core.windows.net``` +United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
+```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net``` United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net``` If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. From f73ff94f122efab56c26bb3febab95e2b2eddb2b Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 31 Oct 2019 15:52:22 -0600 Subject: [PATCH 21/98] Update windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../import-export-exploit-protection-emet-xml.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index 7bc2bbdc0a..38a561dbbe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -54,7 +54,7 @@ When you have configured exploit protection to your desired state (including bot 3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved. > [!IMPORTANT] -> If you want to use Default configuration use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file. +> If you want to use Default configuration, use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file. > ![Highlight of the Export Settings option](../images/wdsc-exp-prot-export.png) From cf981b2e64eff504394f5e7087bd7f94ca1870ed Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 31 Oct 2019 15:53:14 -0600 Subject: [PATCH 22/98] Update windows/security/threat-protection/auditing/event-4738.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/event-4738.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 7f5810c9b2..7bbfa91e88 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -196,7 +196,7 @@ Typical **Primary Group** values for user accounts: - **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. If the value of **userAccountControl** attribute of user object was changed, you will see the new value here. -To decode this value, you can go through the property value definitions in the ["User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. +To decode this value, you can go through the property value definitions in the [User’s or Computer’s account UAC flags](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. Here's an example: Flags value from event: 0x15 From e39f81777d4f2db44de83b0e5689d626659c27f9 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 31 Oct 2019 15:53:21 -0600 Subject: [PATCH 23/98] Update windows/security/threat-protection/auditing/event-4738.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/event-4738.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 7bbfa91e88..20d8865e4c 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -226,7 +226,7 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: ["User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in [User’s or Computer’s account UAC flags](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. - **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. From a97c2ac811b84f7504ddc822036e4f4674d1c553 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Thu, 31 Oct 2019 15:59:20 -0600 Subject: [PATCH 24/98] Removed "s. --- windows/security/threat-protection/auditing/event-4738.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 7f5810c9b2..e9761cde7b 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -196,7 +196,7 @@ Typical **Primary Group** values for user accounts: - **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. If the value of **userAccountControl** attribute of user object was changed, you will see the new value here. -To decode this value, you can go through the property value definitions in the ["User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. +To decode this value, you can go through the property value definitions in the [User’s or Computer’s account UAC flags.](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag. Here's an example: Flags value from event: 0x15 @@ -226,7 +226,7 @@ Decoding: So this UAC flags value decodes to: LOCKOUT and SCRIPT -- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: ["User’s or Computer’s account UAC flags."](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. +- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event. - **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value. From c92699ae633d47f4852097969ceaf923b6edcb02 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Thu, 31 Oct 2019 16:32:48 -0600 Subject: [PATCH 25/98] PR 5098+ 4984 issue #5072 --- devices/surface/surface-dock-firmware-update.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md index ffd159f4a1..c11aa390c5 100644 --- a/devices/surface/surface-dock-firmware-update.md +++ b/devices/surface/surface-dock-firmware-update.md @@ -47,8 +47,14 @@ You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firm - **Msiexec.exe /i /quiet /norestart** +> [!NOTE] +> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]" + For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation. +> [!IMPORTANT] +> If you want to keep your Surface Dock updated using any other method, refer to [Update your Surface Dock](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) for details. + ## Intune deployment You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management). @@ -84,8 +90,8 @@ Successful completion of Surface Dock Firmware Update results in new registry ke | Log | Location | Notes | | -------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Surface Dock Firmware Update log | /l*v %windir%\logs\Applications\SurfaceDockFWI.log | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. | -| Windows Device Install log | %windir%\inf\ setupapi.dev.log | For more information about using Device Install Log, refer [to SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. | +| Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. | +| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer [to SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. | **Table 2. Event log IDs for Surface Dock Firmware Update** @@ -97,6 +103,10 @@ Successful completion of Surface Dock Firmware Update results in new registry ke | 2003 | Dock firmware update failed to get firmware version. | | 2004 | Querying the firmware version. | | 2005 | Dock firmware failed to start update. | +| 2006 | Failed to send offer/payload pairs. | +| 2007 | Firmware update finished. | +| 2008 | BEGIN dock telemetry. | +| 2011 | END dock telemetry. | ## Troubleshooting tips From 74280fba5bf86cd6f8a140edcd4e63df9e03f27b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 1 Nov 2019 08:21:13 +0530 Subject: [PATCH 26/98] Update windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md accepted Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-proxy-internet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 4b60b485be..9dae6d3022 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -111,7 +111,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec -|- Common URLs for all locations | ```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com``` European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net``` -United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
+United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net``` ```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net``` United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net``` From 35af62b13d0272bdeabd9ceca23d57e97598f59d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 1 Nov 2019 08:21:31 +0530 Subject: [PATCH 27/98] Update windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md accepted Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-proxy-internet.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 9dae6d3022..698e0aeb8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -112,7 +112,6 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Common URLs for all locations | ```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com``` European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net``` United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net``` -```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net``` United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net``` If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. From 79622347cc376e39e88863d27e211775dc40c4f4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 1 Nov 2019 15:08:00 +0500 Subject: [PATCH 28/98] Update connect-to-remote-aadj-pc.md --- windows/client-management/connect-to-remote-aadj-pc.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index c265525536..2223a20526 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -82,7 +82,8 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC - Password - Windows Hello for Business, with or without an MDM subscription. - +>[!NOTE] +>To be able to connect to Azure Active Directory-joined computers, RDP client must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). ## Related topics From 61fccbfd1d7b4db8e31d9f51539e25e623ea938e Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 1 Nov 2019 12:45:44 +0200 Subject: [PATCH 29/98] update to universal conversion to domain local https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5148 --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index afaaca56b3..228b863e82 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -112,7 +112,7 @@ The following table lists the three group scopes and more information about each

Global groups from any domain in the same forest

Other Universal groups from any domain in the same forest

Can be converted to Domain Local scope

-

Can be converted to Global scope if the group does not contain any other Universal groups

+

Can be converted to Global scope if the group is not a member of any other Universal groups

On any domain in the same forest or trusting forests

Other Universal groups in the same forest

Domain Local groups in the same forest or trusting forests

From 7a4847bbb8ee9e0e9ae07dbece5dcc993c38f9df Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 1 Nov 2019 17:44:39 +0500 Subject: [PATCH 30/98] Allow Block URL is not supported As per my research, we cannot Allow/Block the specific URL(s) using Edge in Kiosk mode. So I have updated the content of the page. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5229 --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 130038d3a2..b049b6be43 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -243,7 +243,7 @@ In the following table, we show you the features available in both Microsoft Edg |-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:| | Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | | Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | -| Allow/Block URL support | ![Supported](images/148767.png)

*\*For Microsoft Edge kiosk mode use* Windows Defender Firewall. Microsoft kiosk browser has custom policy support. | ![Supported](images/148767.png) | +| Allow/Block URL support | ![Not Supported](images/148766.png) ![Supported](images/148767.png) | | Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) | | Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png)

*Same as Home button URL* | | Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) | @@ -255,7 +255,7 @@ In the following table, we show you the features available in both Microsoft Edg | SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education | **\*Windows Defender Firewall**

-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). +To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). --- From 81f3223fb3b9dde9797b5e1b8747e51619545552 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 1 Nov 2019 20:08:18 +0500 Subject: [PATCH 31/98] Added a port Added port number which these URLS are using. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5206 --- .../configure-network-connections-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index e73bbfe476..d600158473 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -46,7 +46,7 @@ See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints. -As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The URL: "\*.blob.core.windows.net" should not be excluded from any kind of network inspection. The table below lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL: "\*.blob.core.windows.net"). +As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The URL: "\*.blob.core.windows.net" should not be excluded from any kind of network inspection. The table below lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL: "\*.blob.core.windows.net"). Below mention URLs are using port 443 for communication. | **Service**| **Description** |**URL** | From 48fcc697e4e15dd8bf0aecfe0318766137104928 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 1 Nov 2019 09:45:47 -0700 Subject: [PATCH 32/98] Provide better clarity for Filepath rules --- .../select-types-of-rules-to-create.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 783157d1c5..2bc617c5ba 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -90,7 +90,7 @@ Table 3. Windows Defender Application Control policy - file rule levels |----------- | ----------- | | **Hash** | Specifies individual hash values for each discovered binary. Although this level is specific, it can cause additional administrative overhead to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. | | **FileName** | Specifies individual binary file names. Although the hash values for an application are modified when updated, the file names are typically not. This offers less specific security than the hash level but does not typically require a policy update when any binary is modified. | -| **FilePath** | Beginning with Windows 10 version 1903, this specifies rules that allow execution of binaries contained in paths that are admin-writeable only. By default, WDAC performs a user-writeability check at runtime which ensures that the current permissions on the specified filepath and its parent directories (recursively) do not allow standard users write access.
Note that filepath rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. IT Pros should take care while crafting path rules to allow paths that they know are likely to remain to be admin-writeable only and deny execution from sub-directories where standard users can modify ACLs on the folder.
There is a defined list of SIDs which are recognized as admins (below). If a file has write permissions for a SID not in this list, the file will be flagged as user writeable.
S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523.
Wildcards can be used at the beginning or end of a path rule: only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. C:\\* would include C:\foo\\* ). Wildcards placed at the beginning of a path scan all directories for files with a specific name (ex. \*\bar.exe would allow C:\bar.exe and C:\foo\bar.exe). Wildcards in the middle of a path are not supported (ex. C:\\*\foo.exe). Without a wildcard, the rule will allow only a specific file (ex. C:\foo\bar.exe).
Supported macros: %WINDIR%, %SYSTEM32%, %OSDRIVE%.| +| **FilePath** | Beginning with Windows 10 version 1903, this specifies rules that allow execution of binaries contained under specific file path locations. Additional information about FilePath level rules can be found below. | > [!NOTE] > Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in [Deploy multiple WDAC policies.](deploy-multiple-windows-defender-application-control-policies.md) @@ -119,3 +119,20 @@ As part of normal operations, they will eventually install software updates, or They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required). +## More information about filepath rules + +Filepath rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. IT Pros should take care while crafting path rules to allow paths that they know are likely to remain to be admin-writeable only and deny execution from sub-directories where standard users can modify ACLs on the folder. + +By default, WDAC performs a user-writeability check at runtime which ensures that the current permissions on the specified filepath and its parent directories (recursively) do not allow standard users write access. + +There is a defined list of SIDs which WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable even if the additional SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described above. + +WDAC's list of well-known admin SIDs are:
+S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523. + +When generating filepath rules using [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy), a unique, fully-qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](https://docs.microsoft.com/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards and include them in your [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) scan using the -Rules switch. + +Wildcards can be used at the beginning or end of a path rule: only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. C:\\* would include C:\foo\\* ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. \*\bar.exe would allow C:\bar.exe and C:\foo\bar.exe). Wildcards in the middle of a path are not supported (ex. C:\\*\foo.exe). Without a wildcard, the rule will allow only a specific file (ex. C:\foo\bar.exe).
Supported macros: %WINDIR%, %SYSTEM32%, %OSDRIVE%. + +> [!NOTE] +> Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in [Deploy multiple WDAC policies.](deploy-multiple-windows-defender-application-control-policies.md) From ef1f4d15aec5b93b5584c4d9e74242535f5b9428 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 1 Nov 2019 11:24:58 -0700 Subject: [PATCH 33/98] Metadata update --- devices/hololens/holographic-3d-viewer-beta.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md index bf0965b960..0e871995a3 100644 --- a/devices/hololens/holographic-3d-viewer-beta.md +++ b/devices/hololens/holographic-3d-viewer-beta.md @@ -7,8 +7,8 @@ author: Teresa-Motiv ms.author: v-tea ms.topic: article ms.localizationpriority: high -ms.date: 09/03/2019 -ms.reviewer: +ms.date: 10/30/2019 +ms.reviewer: scooley manager: jarrettr appliesto: - HoloLens (1st gen) From d03c161dd13ddb11eacfc3451a363183437d30b9 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 1 Nov 2019 13:43:15 -0700 Subject: [PATCH 34/98] added link to update history for 1903 --- windows/deployment/update/windows-update-troubleshooting.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index a1784e6a6e..bc40d3613e 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -24,6 +24,7 @@ If you run into problems when using Windows Update, start with the following ste 2. Install the most recent Servicing Stack Update (SSU) that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on SSU. 3. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: + - [Windows 10, version 1903 and Windows Server, version 1903](https://support.microsoft.com/help/4498140) - [Windows 10, version 1809 and Windows Server 2019](https://support.microsoft.com/help/4464619/windows-10-update-history) - [Windows 10, version 1803](https://support.microsoft.com/help/4099479/windows-10-update-history) - [Windows 10, version 1709](https://support.microsoft.com/help/4043454) From 672d670467cf16320d8c2ac971cbd3dc47f8b2d8 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 1 Nov 2019 14:10:10 -0700 Subject: [PATCH 35/98] Update add-devices.md --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 81e02c2620..096ebe1151 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -27,7 +27,7 @@ Before deploying a device using Windows Autopilot, the device must be registered ## OEM registration -When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/en-us/microsoft-365/windows/windows-autopilot). +When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers and resellers" section of the [Windows Autopilot information page](https://aka.ms/windowsautopilot). Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization). From 4ee80b915d9aade47e2f4c80fbd4c6affa0b8955 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:29:16 -0700 Subject: [PATCH 36/98] Updated unsecure links to "https" --- .../update/windows-update-troubleshooting.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index bc40d3613e..a417e5997b 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -208,12 +208,12 @@ Users may see that Windows 10 is consuming all the bandwidth in the different of The following group policies can help mitigate this: -- Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](http://gpsearch.azurewebsites.net/#4728) (Set to enabled) -- Driver search: [Policy Specify search order for device driver source locations](http://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update") -- Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](http://gpsearch.azurewebsites.net/#10876) (Set to enabled) +- Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](https://gpsearch.azurewebsites.net/#4728) (Set to enabled) +- Driver search: [Policy Specify search order for device driver source locations](https://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update") +- Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](https://gpsearch.azurewebsites.net/#10876) (Set to enabled) Other components that reach out to the internet: -- Windows Spotlight: [Policy Configure Windows spotlight on lock screen](http://gpsearch.azurewebsites.net/#13362) (Set to disabled) -- Consumer experiences: [Policy Turn off Microsoft consumer experiences](http://gpsearch.azurewebsites.net/#13329) (Set to enabled) -- Background traffic from Windows apps: [Policy Let Windows apps run in the background](http://gpsearch.azurewebsites.net/#13571) +- Windows Spotlight: [Policy Configure Windows spotlight on lock screen](https://gpsearch.azurewebsites.net/#13362) (Set to disabled) +- Consumer experiences: [Policy Turn off Microsoft consumer experiences](https://gpsearch.azurewebsites.net/#13329) (Set to enabled) +- Background traffic from Windows apps: [Policy Let Windows apps run in the background](https://gpsearch.azurewebsites.net/#13571) From 162c6340027a4a4b05bdc73125249425e05af967 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:34:20 -0700 Subject: [PATCH 37/98] Update links headers back to "http" --- .../update/windows-update-troubleshooting.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index a417e5997b..bc40d3613e 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -208,12 +208,12 @@ Users may see that Windows 10 is consuming all the bandwidth in the different of The following group policies can help mitigate this: -- Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](https://gpsearch.azurewebsites.net/#4728) (Set to enabled) -- Driver search: [Policy Specify search order for device driver source locations](https://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update") -- Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](https://gpsearch.azurewebsites.net/#10876) (Set to enabled) +- Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](http://gpsearch.azurewebsites.net/#4728) (Set to enabled) +- Driver search: [Policy Specify search order for device driver source locations](http://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update") +- Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](http://gpsearch.azurewebsites.net/#10876) (Set to enabled) Other components that reach out to the internet: -- Windows Spotlight: [Policy Configure Windows spotlight on lock screen](https://gpsearch.azurewebsites.net/#13362) (Set to disabled) -- Consumer experiences: [Policy Turn off Microsoft consumer experiences](https://gpsearch.azurewebsites.net/#13329) (Set to enabled) -- Background traffic from Windows apps: [Policy Let Windows apps run in the background](https://gpsearch.azurewebsites.net/#13571) +- Windows Spotlight: [Policy Configure Windows spotlight on lock screen](http://gpsearch.azurewebsites.net/#13362) (Set to disabled) +- Consumer experiences: [Policy Turn off Microsoft consumer experiences](http://gpsearch.azurewebsites.net/#13329) (Set to enabled) +- Background traffic from Windows apps: [Policy Let Windows apps run in the background](http://gpsearch.azurewebsites.net/#13571) From 5c3975b599613ecf6a46b51500f5799e92dc35bb Mon Sep 17 00:00:00 2001 From: lukeoreilly Date: Fri, 1 Nov 2019 17:59:17 -0700 Subject: [PATCH 38/98] Update hololens2-setup.md Changes to LED and Button behavior interaction designs in 1910 release. --- devices/hololens/hololens2-setup.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md index 912f8f5f79..11264a4d75 100644 --- a/devices/hololens/hololens2-setup.md +++ b/devices/hololens/hololens2-setup.md @@ -102,6 +102,7 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL | - | - | - | | You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. | | You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. | +| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a Display failure. To be sure, [re-install the OS](hololens-recovery.md#hololens-2), and try again | ## Safety and comfort From 3b2f208073498518670dfbac3b6dac0f8c644524 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 2 Nov 2019 09:31:44 +0500 Subject: [PATCH 39/98] Update browsers/edge/microsoft-edge-kiosk-mode-deploy.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index b049b6be43..c8f4907b02 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -255,7 +255,7 @@ In the following table, we show you the features available in both Microsoft Edg | SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education | **\*Windows Defender Firewall**

-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). +To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). --- From e4645743ae71065fe70bcc4fe173242aceacb67d Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 3 Nov 2019 09:53:23 +0500 Subject: [PATCH 40/98] Update browsers/edge/microsoft-edge-kiosk-mode-deploy.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index c8f4907b02..c336f03247 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -255,7 +255,7 @@ In the following table, we show you the features available in both Microsoft Edg | SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education | **\*Windows Defender Firewall**

-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). +To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both, using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). --- From ad34ea37558226f306ecf2f8c3152346de4a2fb0 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Sun, 3 Nov 2019 11:13:16 -0600 Subject: [PATCH 41/98] Update devices/surface/surface-dock-firmware-update.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/surface/surface-dock-firmware-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md index c11aa390c5..1766e89b0b 100644 --- a/devices/surface/surface-dock-firmware-update.md +++ b/devices/surface/surface-dock-firmware-update.md @@ -91,7 +91,7 @@ Successful completion of Surface Dock Firmware Update results in new registry ke | Log | Location | Notes | | -------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. | -| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer [to SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. | +| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-). | **Table 2. Event log IDs for Surface Dock Firmware Update** From 597d60b918bd6f094f83508e3cddb1eed5b25951 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 4 Nov 2019 11:51:57 +0500 Subject: [PATCH 42/98] Update windows/client-management/connect-to-remote-aadj-pc.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 2223a20526..8dda89a5eb 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -82,7 +82,7 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC - Password - Windows Hello for Business, with or without an MDM subscription. ->[!NOTE] +> [!NOTE] >To be able to connect to Azure Active Directory-joined computers, RDP client must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). ## Related topics From 55459d5ba60201cf63fd82a8184e868f1f68ede1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 4 Nov 2019 11:52:06 +0500 Subject: [PATCH 43/98] Update windows/client-management/connect-to-remote-aadj-pc.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 8dda89a5eb..82b8fbf76b 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -83,7 +83,7 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC - Windows Hello for Business, with or without an MDM subscription. > [!NOTE] ->To be able to connect to Azure Active Directory-joined computers, RDP client must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). +> To be able to connect to Azure Active Directory-joined PCs, the RDP client must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). ## Related topics From 0d5793f671eb6d78234eba79b977d7748046ef30 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 4 Nov 2019 15:13:49 +0500 Subject: [PATCH 44/98] Update connect-to-remote-aadj-pc.md --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 82b8fbf76b..36244304b3 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -83,7 +83,7 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC - Windows Hello for Business, with or without an MDM subscription. > [!NOTE] -> To be able to connect to Azure Active Directory-joined PCs, the RDP client must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). +> If RDP client running Windwos Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). ## Related topics From 318730ccc9f6cd023d05f5f1268d26f3e6ce2ad1 Mon Sep 17 00:00:00 2001 From: lukeoreilly Date: Mon, 4 Nov 2019 12:43:07 -0800 Subject: [PATCH 45/98] Update hololens2-setup.md Light flash pattern may be for general hardware fault, not only display. --- devices/hololens/hololens2-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md index 11264a4d75..e0ccfcdfeb 100644 --- a/devices/hololens/hololens2-setup.md +++ b/devices/hololens/hololens2-setup.md @@ -102,7 +102,7 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL | - | - | - | | You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. | | You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. | -| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a Display failure. To be sure, [re-install the OS](hololens-recovery.md#hololens-2), and try again | +| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [re-install the OS](hololens-recovery.md#hololens-2), and try again. | ## Safety and comfort From 817c97dc9a78ad352359dc5a75f26dd0714d456f Mon Sep 17 00:00:00 2001 From: lukeoreilly Date: Mon, 4 Nov 2019 15:34:29 -0800 Subject: [PATCH 46/98] Update hololens2-setup.md Add call to action. --- devices/hololens/hololens2-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md index e0ccfcdfeb..9f8edd7758 100644 --- a/devices/hololens/hololens2-setup.md +++ b/devices/hololens/hololens2-setup.md @@ -102,7 +102,7 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL | - | - | - | | You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. | | You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. | -| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [re-install the OS](hololens-recovery.md#hololens-2), and try again. | +| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [reinstall the OS](hololens-recovery.md#hololens-2), and try again. After reinstalling the OS, if the light-flash pattern persists, contact [support](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb). | ## Safety and comfort From 78bc857306db4abd888951995762015ba84e91ce Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 4 Nov 2019 18:16:36 -0600 Subject: [PATCH 47/98] Update windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../import-export-exploit-protection-emet-xml.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index 38a561dbbe..38b96e9451 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -55,7 +55,6 @@ When you have configured exploit protection to your desired state (including bot > [!IMPORTANT] > If you want to use Default configuration, use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file. -> ![Highlight of the Export Settings option](../images/wdsc-exp-prot-export.png) From 827b55042029a158a95e97862c4aaf754a9f5e55 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 5 Nov 2019 15:59:39 +0500 Subject: [PATCH 48/98] Update windows/client-management/connect-to-remote-aadj-pc.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 36244304b3..44260b0181 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -83,7 +83,7 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC - Windows Hello for Business, with or without an MDM subscription. > [!NOTE] -> If RDP client running Windwos Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). +> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities). ## Related topics From 00c804988dddf001b0d70ae9e9844c9f459e028b Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 5 Nov 2019 08:44:26 -0800 Subject: [PATCH 49/98] Generalize WDAC main topic to cover app control --- .../applocker/applocker-overview.md | 6 -- .../windows-defender-application-control.md | 79 ++++++++++++++----- ...ows-defender-device-guard-and-applocker.md | 30 ------- 3 files changed, 60 insertions(+), 55 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index eef2cc16e8..320db86050 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -80,12 +80,6 @@ The following are examples of scenarios in which AppLocker can be used: AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies. -## System requirements - -AppLocker policies can only be configured on and applied to computers that are running on the supported versions and editions of the Windows operating system. Group Policy is required to distribute Group Policy Objects that contain AppLocker policies. For more info, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). - -AppLocker rules can be created on domain controllers. - ## Installing AppLocker AppLocker is included with enterprise-level editions of Windows. You can author AppLocker rules for a single computer or for a group of computers. For a single computer, you can author the rules by using the Local Security Policy editor (secpol.msc). For a group of computers, you can author the rules within a Group Policy Object by using the Group Policy Management Console (GPMC). diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 06f7a63a13..866893266e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Application Control (WDAC) (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +title: Application Control for Windows +description: Application Control restricts which applications users are allowed to run and the code that runs in the system core. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -17,7 +17,7 @@ manager: dansimp ms.date: 01/08/2019 --- -# Windows Defender Application Control +# Application Control **Applies to:** @@ -25,36 +25,77 @@ ms.date: 01/08/2019 - Windows Server 2016 - Windows Server 2019 -With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks. -In most organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. +With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks. -However, when a user runs a process, that process has the same level of access to data that the user has. -As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software. +In most organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. However, when a user runs a process, that process has the same level of access to data that the user has. As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software. -Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. -Specifically, application control moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. -Many organizations, like the Australian Signals Directorate, understand this and frequently cite application control as one of the most effective means for addressing the threat of executable file-based malware (.exe, .dll, etc.). +Application control can help mitigate these types of security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). Application control policies can also block unsigned scripts and MSIs, and restrict Windows PowerShell to run in [Constrained Language Mode](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-5.1). -Windows Defender Application Control (WDAC) can help mitigate these types of security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). -WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs in [Constrained Language Mode](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-5.1). +Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control moves away from an application trust model where all applications are assumed trustworthy to one where applications must earn trust in order to run. Many organizations, like the Australian Signals Directorate, understand this and frequently cite application control as one of the most effective means for addressing the threat of executable file-based malware (.exe, .dll, etc.). + +> [!NOTE] +> Although application control can significantly harden your computers against malicious code, we recommend that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio. + +Windows 10 includes two technologies that can be used for application control depending on your organization's specific scenarios and requirements:
+- **Windows Defender Application Control**; and +- **AppLocker** + +## Windows Defender Application Control + +Windows Defender Application Control (WDAC) was introduced with Windows 10 and allows organizations to control what drivers and applications are allowed to run on their Windows 10 clients. WDAC was designed as a security feature under the [servicing criteria](https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria) defined by the Microsoft Security Response Center (MSRC). > [!NOTE] > Prior to Windows 10, version 1709, Windows Defender Application Control was known as configurable code integrity policies. -## WDAC System Requirements +WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on: +- Attributes of the codesigning certificate(s) used to sign an app and its binaries; +- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file; +- The reputation of the app as determined by Microsoft's Intelligent Security Graph; +- The identity of the process that initiated the installation of the app and its binaries (managed installer); +- The path from which the app or file is launched (beginning with Windows 10 version 1903); +- The process that launched the app or binary. -WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Windows Server 2016 and above. +### WDAC System Requirements + +WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Windows Server 2016 and above. They can be applied to computers running any edition of Windows 10 or Windows Server 2016 and optionally managed via Mobile Device Management (MDM), such as Microsoft Intune. -Group Policy or Intune can be used to distribute WDAC policies. +Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above. -## New and changed functionality +## AppLocker -Prior to Windows 10, version 1709, Windows Defender Application Control was known as Windows Defender Device Guard configurable code integrity policies. +AppLocker was introduced with Windows 7 and allows organizations to control what applications their users are allowed to run on their Windows clients. AppLocker provides security value as a defense in depth feature and helps end users avoid running unapproved software on their computers. -Beginning with Windows 10, version 1703, you can use WDAC not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser). -For more information, see [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md). +AppLocker policies can apply to all users on a computer or to individual users and groups. AppLocker rules can be defined based on: +- Attributes of the codesigning certificate(s) used to sign an app and its binaries; +- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file; +- The path from which the app or file is launched (beginning with Windows 10 version 1903). + +### AppLocker System Requirements + +AppLocker policies can only be configured on and applied to computers that are running on the supported versions and editions of the Windows operating system. For more info, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). +AppLocker policies can be deployed using Group Policy or MDM. + +## Choose when to use WDAC or AppLocker + +Although either AppLocker or WDAC can be used to control application execution on Windows 10 clients, the following factors can help you decide when to use each of the technologies. + +**WDAC is best when:** +- You are adopting application control primarily for security reasons. +- Your application control policy can be applied to all users on the managed computers. +- All of the devices you wish to manage are running Windows 10. + +**AppLocker is best when:** +- You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS. +- You need to apply different policies for different users or groups on a shared computer. +- You are using application control to help users avoid running unapproved software, but you do not require a solution designed as a security feature. +- You do not wish to enforce application control on application files such as DLLs or drivers. + +**When to use both WDAC and AppLocker together** +AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where its important to prevent some users from running specific apps. +As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level. ## See also - [WDAC design guide](windows-defender-application-control-design-guide.md) - [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) +- [AppLocker overview](applocker/applocker-overview.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md deleted file mode 100644 index 3935248ada..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Windows Defender Device Guard and AppLocker (Windows 10) -description: Explains how -keywords: virtualization, whitelisting, security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro -ms.collection: M365-security-compliance -author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp -ms.date: 05/03/2018 ---- - -# Windows Defender Device Guard with AppLocker - -Although [AppLocker](applocker/applocker-overview.md) is not considered a new Windows Defender Device Guard feature, it complements Windows Defender Device Guard functionality when Windows Defender Application Control (WDAC) cannot be fully implemented or its functionality does not cover every desired scenario. -There are many scenarios in which WDAC would be used alongside AppLocker rules. -As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level. - -> [!NOTE] -> One example of how Windows Defender Device Guard functionality can be enhanced by AppLocker is when you want to apply different policies for different users on the same device. For example, you may allow your IT support personnel to run additional apps that you do not allow for your end-users. You can accomplish this user-specific enforcement by using an AppLocker rule. - -AppLocker and Windows Defender Device Guard should run side-by-side in your organization, which offers the best of both security features at the same time and provides the most comprehensive security to as many devices as possible. -In addition to these features, we recommend that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio. From a7a95a0b916603e483bce0c9cb2b3361534d9140 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Tue, 5 Nov 2019 09:02:25 -0800 Subject: [PATCH 50/98] Fixed links --- .../windows-defender-application-control/TOC.md | 1 - .../windows-defender-application-control.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 196c8dc9a2..001a62ba5b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -35,7 +35,6 @@ ### [Use signed policies to protect Windows Defender Application Control against tampering](use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md) #### [Signing WDAC policies with SignTool.exe](signing-policies-with-signtool.md) ### [Disable WDAC policies](disable-windows-defender-application-control-policies.md) -### [Device Guard and AppLocker](windows-defender-device-guard-and-applocker.md) ## [AppLocker](applocker\applocker-overview.md) ### [Administer AppLocker](applocker\administer-applocker.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 866893266e..3884112eab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -72,7 +72,7 @@ AppLocker policies can apply to all users on a computer or to individual users a ### AppLocker System Requirements -AppLocker policies can only be configured on and applied to computers that are running on the supported versions and editions of the Windows operating system. For more info, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). +AppLocker policies can only be configured on and applied to computers that are running on the supported versions and editions of the Windows operating system. For more info, see [Requirements to Use AppLocker](applocker/requirements-to-use-applocker.md). AppLocker policies can be deployed using Group Policy or MDM. ## Choose when to use WDAC or AppLocker From ade51c4476ba602862997c1463ddc659ce150bbe Mon Sep 17 00:00:00 2001 From: Robert Durff Date: Tue, 5 Nov 2019 09:50:57 -0800 Subject: [PATCH 51/98] Quick refresh of FIPS 140-2 topic As a first step in a larger refactoring of the FIPS 140-2 content on docs.ms.com, we are refreshing the intro to the existing FIPS 140-2 topic and updating the tables with the latest validations for Windows and Windows Server. --- .../threat-protection/fips-140-validation.md | 14285 ++++++++-------- 1 file changed, 7194 insertions(+), 7091 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 5f47de9db6..32bbf69dc2 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,7091 +1,7194 @@ ---- -title: FIPS 140 Validation -description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. -ms.prod: w10 -audience: ITPro -author: dulcemontemayor -ms.author: dansimp -manager: dansimp -ms.collection: M365-identity-device-management -ms.topic: article -ms.localizationpriority: medium -ms.date: 04/03/2018 -ms.reviewer: ---- - - -# FIPS 140 Validation - -On this page - -- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo) -- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd) -- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd) -- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve) -- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac) -- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac) -- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac) -- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg) - -Updated: March 2018 - - - -## Introduction - -This document provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard, *Federal Information Processing Standard (FIPS) 140 – Security Requirements for Cryptographic Modules* \[FIPS 140\]. - -### Audience - -This document is primarily focused on providing information for three parties: - -[Procurement Officer](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_product_validation) – Responsible for verifying that Microsoft products (or even third-party applications) are either FIPS 140 validated or utilize a Microsoft FIPS 140 validated cryptographic module. - -[System Integrator](https://technet.microsoft.com/library/cc750357.aspx#_information_for_system) – Responsible for ensuring that Microsoft Products are configured properly to use only FIPS 140 validated cryptographic modules. - -[Software Developer](https://technet.microsoft.com/library/cc750357.aspx#_information_for_software) – Responsible for building software products that utilize Microsoft FIPS 140 validated cryptographic modules. - -### Document Map - -This document is broken into seven major sections: - -[FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#_fips_140_overview) – Provides an overview of the FIPS 140 standard as well as provides some historical information about the standard. - -[Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_product_validation) – Provides information on how Microsoft products are FIPS 140 validated. - -[Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#_information_for_system) – Describes how to configure and verify that Microsoft Products are being used in a manner consistent with the product’s FIPS 140 Security Policy. - -[Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#_information_for_software) – Identifies how developers can leverage the Microsoft FIPS 140 validated cryptographic modules. - -[FAQ](https://technet.microsoft.com/library/cc750357.aspx#_fips_140_faq) – Frequently Asked Questions. - -[Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140) – Explains Microsoft cryptographic architecture and identifies specific modules that are FIPS 140 validated. - -[Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#_cryptographic_algorithms) – Lists the cryptographic algorithm, modes, states, key sizes, Windows versions, and corresponding cryptographic algorithm validation certificates. - -## FIPS 140 Overview - -### FIPS 140 Standard - -FIPS 140 is a US government and Canadian government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive but unclassified information. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment of Canada (CSEC). - -The current standard defines four-levels of increasing security, 1 through 4. Most software products (including all Microsoft products) are tested against the Level 1 security requirements. - -### Applicability of the FIPS standard - -Within the US Federal government, the FIPS 140 standard applies to any security system (whether hardware, firmware, software, or a combination thereof) to be used by agencies for protecting sensitive but unclassified information. Some agencies have expanded its use by requiring that the modules to be procured for secret systems also meet the FIPS 140 requirements. - -The FIPS 140 standard has also been used by different standards bodies, specification groups, nations, and private institutions as a requirement or guideline for those products (e.g. – Digital Cinema Systems Specification). - -### History of 140-1 - -FIPS 140-1 is the original working version of the standard made official on January 11, 1994. The standard remained in effect until FIPS 140-2 became mandatory for new products on May 25, 2002. - -### FIPS 140-2 - -FIPS 140-2 is currently the active version of the standard. - -### Microsoft FIPS Support Policy - -Microsoft actively maintains FIPS 140 validation for its cryptographic modules. - -### FIPS Mode of Operation - -The common term “FIPS mode” is used in this document and Security Policy documents. When a cryptographic module contains both FIPS-approved and non-FIPS approved security methods, it must have a "FIPS mode of operation" to ensure only FIPS-approved security methods may be used. When a module is in "FIPS mode", a non-FIPS approved method cannot be used instead of a FIPS-approved method. - -## Microsoft Product Validation (Information for Procurement Officers and Auditors) - -This section provides information for Procurement Officers and Auditors who are responsible for ensuring that Microsoft products with FIPS 140 validated cryptographic modules are used in their organization. The goal of this section is to provide an overview of the Microsoft developed products and modules and explain how the validated cryptographic modules are used. - -### Microsoft Product Relationship with CNG and CAPI libraries - -Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services. - -The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules: - -- Schannel Security Package -- Remote Desktop Protocol (RDP) Client -- Encrypting File System (EFS) -- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) -- BitLocker® Drive Full-volume Encryption -- IPsec Settings of Windows Firewall -- Server Message Block (SMB) 3.x - -## Information for System Integrators - -This section provides information for System Integrators and Auditors who are responsible for deploying Microsoft products in a manner consistent with the product’s FIPS 140 Security Policy. - -There are two steps to ensure that Microsoft products operate in FIPS mode: - -1. Selecting/Installing FIPS 140 validated cryptographic modules -2. Setting FIPS local/group security policy flag. - -### Step 1 – Selecting/Installing FIPS 140 Validated Cryptographic Modules - -Systems Integrators must ensure that all cryptographic modules installed are, in fact, FIPS 140 validated. This can be accomplished by cross-checking the version number of the installed module with the list of validated binaries. The list of validated CAPI binaries is identified in the [CAPI Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_capi_validated_cryptographic) section below and the list of validated CNG binaries is identified in the [CNG Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_cng_validated_cryptographic) section below. There are similar sections for all other validated cryptographic modules. - -The version number of the installed binary is found by right-clicking the module file and clicking on the Version or Details tab. Cryptographic modules are stored in the "windows\\system32" or "windows\\system32\\drivers" directory. - -### Step 2 – Setting FIPS Local/Group Security Policy Flag - -The Windows operating system provides a group (or local) security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”, which is used by many Microsoft products to determine whether to operate in a FIPS-approved mode. When this policy is set, the validated cryptographic modules in Windows will also operate in a FIPS-approved mode. - -**Note** – There is no enforcement of the FIPS policy by the operating system or the validated cryptographic modules. Instead, each individual application must check this flag and enforce the Security Policy of the validated cryptographic modules. - -#### Instructions on Setting the FIPS Local/Group Security Policy Flag - -While there are alternative methods for setting the FIPS local/group security policy flag, the following method is included as a guide to users with Administrative privileges. This description is for the Local Security Policy, but the Group Security Policy may be set in a similar manner. - -1. Open the 'Run' menu by pressing the combination 'Windows Key + R'. -2. Type 'secpol.msc' and press 'Enter' or click the 'Ok' button. -3. In the Local Security Policy management console window that opens, use the left tab to navigate to the Local Policies -\> Security Options. -4. Scroll down the right pane and double-click 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing'. -5. In the properties window, select the 'Enabled' option and click the 'Apply' button. - -#### Microsoft Components and Products That Utilize FIPS Local/Group Security Policy - -The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy. - -- Schannel Security Package -- Remote Desktop Protocol (RDP) Client -- Encrypting File System (EFS) -- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) -- BitLocker® Drive Full-volume Encryption -- IPsec Settings of Windows Firewall - -#### Effects of Setting FIPS Local/Group Security Policy Flag - -When setting the FIPS local/group security policy flag, the behavior of several Microsoft components and products are affected. The most noticeable difference will be that the components enforcing this setting will only use those algorithms approved or allowed in FIPS mode. The specific changes to the products listed above are: - -- Schannel Security Package forced to negotiate sessions using TLS. The following supported Cipher Suites are disabled: - -- - TLS\_RSA\_WITH\_RC4\_128\_SHA - - TLS\_RSA\_WITH\_RC4\_128\_MD5 - - SSL\_CK\_RC4\_128\_WITH\_MD5 - - SSL\_CK\_DES\_192\_EDE3\_CBC\_WITH\_MD5 - - TLS\_RSA\_WITH\_NULL\_MD5 - - TLS\_RSA\_WITH\_NULL\_SHA - -- The set of cryptographic algorithms that a Remote Desktop Protocol (RDP) server will use is scoped to: - -- - CALG\_RSA\_KEYX - RSA public key exchange algorithm - - CALG\_3DES - Triple DES encryption algorithm - - CALG\_AES\_128 - 128 bit AES - - CALG\_AES\_256 - 256 bit AES - - CALG\_SHA1 - SHA hashing algorithm - - CALG\_SHA\_256 - 256 bit SHA hashing algorithm - - CALG\_SHA\_384 - 384 bit SHA hashing algorithm - - CALG\_SHA\_512 - 512 bit SHA hashing algorithm - -- Any Microsoft .NET Framework applications, such as Microsoft ASP.NET or Windows Communication Foundation (WCF), only allow algorithm implementations that are validated to FIPS 140, meaning only classes that end in "CryptoServiceProvider" or "Cng" can be used. Any attempt to create an instance of other cryptographic algorithm classes or create instances that use non-allowed algorithms will cause an InvalidOperationException exception. - -- Verification of ClickOnce applications fails unless the client computer has .NET Framework 2.0 SP1 or later service pack installed or .NET Framework 3.5 or later installed. - -- On Windows Vista and Windows Server 2008 and later, BitLocker Drive Encryption switches from AES-128 using the elephant diffuser to using the approved AES-256 encryption. Recovery passwords are not created or backed up. Instead, backup a recovery key on a local drive or on a network share. To use the recovery key, put the key on a USB device and plug the device into the computer. - -Please be aware that selection of FIPS mode can limit product functionality (See ). - -## Information for Software Developers - -This section is targeted at developers who wish to build their own applications using the FIPS 140 validated cryptographic modules. - -Each of the validated cryptographic modules defines a series of rules that must be followed. The security rules for each validated cryptographic module are specified in the Security Policy document. Links to each of the Security Policy documents is provided in the [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140) section below. Generally, the restriction in Microsoft validated cryptographic modules is limiting the use of cryptography to only FIPS Approved cryptographic algorithms, modes, and key sizes. - -### Using Microsoft Cryptographic Modules in a FIPS mode of operation - -No matter whether developing with native languages or using .NET, it is important to first check whether the CNG modules for the target system are FIPS validated. The list of validated CNG binaries is identified in the [CNG Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_cng_validated_cryptographic) section. - -When developing using CNG directly, it is the responsibility of the developer to follow the security rules outlined in the FIPS 140 Security Policy for each module. The security policy for each module is provided on the CMVP website. Links to each of the Security Policy documents is provided in the tables below. It is important to remember that setting the FIPS local/group security policy Flag (discussed above) does not affect the behavior of the modules when used for developing custom applications. - -If you are developing your application using .NET instead of using the native libraries, then setting the FIPS local policy flag will generate an exception when an improper .NET class is used for cryptography (i.e. the cryptographic classes whose names end in "Managed"). The names of these allowed classes end with "Cng", which use the CNG binaries or "CryptoServiceProvider", which use the legacy CAPI binaries. - -### Key Strengths and Validity Periods - -NIST Special Publication 800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, dated November 2015, \[[SP 800-131A](http://dx.doi.org/10.6028/nist.sp.800-131ar1)\], offers guidance for moving to stronger cryptographic keys and algorithms. This does not replace NIST SP 800-57, Recommendation for Key Management Part 1: General, \[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\], but gives more specific guidance. One of the most important topics discussed in these publications deals with the key strengths of FIPS Approved algorithms and their validity periods. When developing applications that use FIPS Approved algorithms, it is also extremely important to select appropriate key sizes based on the security lifetimes recommended by NIST. - -## FIPS 140 FAQ - -The following are answers to commonly asked questions for the FIPS 140-2 validation of Microsoft products. - -1. How does FIPS 140 relate to the Common Criteria? - **Answer:** These are two separate security standards with different, but complementary, purposes. FIPS 140 is a standard designed specifically for validating product modules that implement cryptography. On the other hand, Common Criteria is designed to help evaluate security functions in IT products. - In many cases, Common Criteria evaluations will rely on FIPS 140 validations to provide assurance that cryptographic functionality is implemented properly. -2. How does FIPS 140 relate to Suite B? - **Answer:** Suite B is simply a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. - The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140 standard. -3. There are so many modules listed on the NIST website for each release, how are they related and how do I tell which one applies to me? - **Answer:** Microsoft strives to validate all releases of its cryptographic modules. Each module provides a different set of cryptographic algorithms. If you are required to use only FIPS validated cryptographic modules, you simply need to verify that the version being used appears on the validation list. - Please see the [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140)section for a complete list of Microsoft validated modules. -4. My application links against crypt32.dll, cryptsp.dll, advapi32.dll, bcrypt.dll, bcryptprimitives.dll, or ncrypt.dll. What do I need to do to assure I’m using FIPS 140 validated cryptographic modules? - **Answer:** crypt32.dll, cryptsp.dll, advapi32.dll, and ncrypt.dll are intermediary libraries that will offload all cryptographic operations to the FIPS validated cryptographic modules. Bcrypt.dll itself is a validated cryptographic module for Windows Vista and Windows Server 2008. For Windows 7 and Windows Server 2008 R2 and later, bcryptprimitives.dll is the validated module, but bcrypt.dll remains as one of the libraries to link against. - You must first verify that the underlying CNG cryptographic module is validated. Once verified, you'll need to confirm that you're using the module correctly in FIPS mode (See [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#_information_for_software) section for details). -5. What does "When operated in FIPS mode" mean on certificates? - **Answer:** This caveat identifies that a required configuration and security rules must be followed in order to use the cryptographic module in a manner consistent with its FIPS 140 Security Policy. The security rules are defined in the Security Policy for the module and usually revolve around using only FIPS Approved cryptographic algorithms and key sizes. Please see the Security Policy for the specific security rules for each cryptographic module (See [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140) section for links to each policy). -6. Which FIPS validated module is called when Windows 7 or Windows 8 is configured to use the FIPS setting in the wireless configuration? - **Answer:** CNG is used. This setting tells the wireless driver to call FIPS 140-2 validated cryptographic modules instead of using the driver’s own cryptography, if any. -7. Is BitLocker to Go FIPS 140-2 validated? - **Answer:** There are two separate parts for BitLocker to Go. One part is simply a native feature of BitLocker and as such, it uses FIPS 140-2 validated cryptographic modules. The other part is the BitLocker to Go Reader application for down-level support of older operating systems such as Windows XP and Windows Vista. The Reader application does not use FIPS 140-2 validated cryptographic modules. -8. Are applications FIPS 140-2 validated? - **Answer:** Microsoft only has low-level cryptographic modules in Windows FIPS 140-2 validated, not high-level applications. A better question is whether a certain application calls a FIPS 140-2 validated cryptographic module in the underlying Windows OS. That question needs to be directed to the company/product group that created the application of interest. -9. How can Systems Center Operations Manager 2012 be configured to use FIPS 140-2 validated cryptographic modules? - **Answer:** See [https://technet.microsoft.com/library/hh914094.aspx](https://technet.microsoft.com/library/hh914094.aspx) - -## Microsoft FIPS 140 Validated Cryptographic Modules - -### Modules By Operating System - -The following tables identify the Cryptographic Modules for an operating system. - -#### Windows - -##### Windows 10 Creators Update (Version 1703) - -Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.15063#3095

FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.15063#3094

#3094

-

FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)

Boot Manager10.0.15063#3089

FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

-

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader10.0.15063#3090

FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

-

Other algorithms: NDRNG

Windows Resume[1]10.0.15063#3091FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
BitLocker® Dump Filter[2]10.0.15063#3092FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
Code Integrity (ci.dll)10.0.15063#3093

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3]10.0.15063#3096

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

- - -\[1\] Applies only to Home, Pro, Enterprise, Education and S - -\[2\] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub - -\[3\] Applies only to Pro, Enterprise Education and S - -##### Windows 10 Anniversary Update (Version 1607) - -Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.14393#2937

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.14393#2936

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

Boot Manager10.0.14393#2931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

-

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload)10.0.14393#2932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)[1]10.0.14393#2933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[2]10.0.14393#2934FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll)10.0.14393#2935

FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: AES (non-compliant); MD5

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

Secure Kernel Code Integrity (skci.dll)[3]10.0.14393#2938

FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
-
-Other algorithms: MD5

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

- - -\[1\] Applies only to Home, Pro, Enterprise and Enterprise LTSB - -\[2\] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile - -\[3\] Applies only to Pro, Enterprise and Enterprise LTSB - -##### Windows 10 November 2015 Update (Version 1511) - -Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10586#2606

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10586#2605

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

Boot Manager[4]10.0.10586#2700FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[5]10.0.10586#2701FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
-
-Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[6]10.0.10586#2702FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
-
-Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[7]10.0.10586#2703FIPS Approved algorithms: AES (Certs. #3653)
Code Integrity (ci.dll)10.0.10586#2604

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
-
-Other algorithms: AES (non-compliant); MD5

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

Secure Kernel Code Integrity (skci.dll)[8]10.0.10586#2607

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
-
-Other algorithms: MD5

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

- - -\[4\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub - -\[5\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub - -\[6\] Applies only to Home, Pro and Enterprise - -\[7\] Applies only to Pro, Enterprise, Mobile and Surface Hub - -\[8\] Applies only to Enterprise and Enterprise LTSB - -##### Windows 10 (Version 1507) - -Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10240#2606

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10240#2605

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

Boot Manager[9]10.0.10240#2600FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[10]10.0.10240#2601FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
-
-Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[11]10.0.10240#2602FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
-
-Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[12]10.0.10240#2603FIPS Approved algorithms: AES (Certs. #3497 and #3498)
Code Integrity (ci.dll)10.0.10240#2604

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
-
-Other algorithms: AES (non-compliant); MD5

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

Secure Kernel Code Integrity (skci.dll)[13]10.0.10240#2607

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
-
-Other algorithms: MD5

-

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

- - -\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB - -\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB - -\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB - -\[12\] Applies only to Pro, Enterprise and Enterprise LTSB - -\[13\] Applies only to Enterprise and Enterprise LTSB - -##### Windows 8.1 - -Validated Editions: RT, Pro, Enterprise, Phone, Embedded - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.17031#2357

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.17042#2356

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

-

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager6.3.9600 6.3.9600.17031#2351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.17031#2352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
-
-Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[14]6.3.9600 6.3.9600.17031#2353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)6.3.9600 6.3.9600.17031#2354FIPS Approved algorithms: AES (Cert. #2832)
-
-Other algorithms: N/A
Code Integrity (ci.dll)6.3.9600 6.3.9600.17031#2355#2355

FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
-
-Other algorithms: MD5

-

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

- - -\[14\] Applies only to Pro, Enterprise, and Embedded 8. - -##### Windows 8 - -Validated Editions: RT, Home, Pro, Enterprise, Phone - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.9200#1892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
-
-
Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.9200#1891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.2.9200#1895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD)6.2.9200#1896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)[15]6.2.9200#1898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS)6.2.9200#1899FIPS Approved algorithms: AES (Certs. #2196 and #2198)
-
-Other algorithms: N/A
Code Integrity (CI.DLL)6.2.9200#1897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.9200#1893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)6.2.9200#1894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
-
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
- - -\[15\] Applies only to Home and Pro - -**Windows 7** - -Validated Editions: Windows 7, Windows 7 SP1 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)

6.1.7600.16385

-

6.1.7601.17514

1329FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Kernel Mode Cryptographic Primitives Library (cng.sys)

6.1.7600.16385

-

6.1.7600.16915

-

6.1.7600.21092

-

6.1.7601.17514

-

6.1.7601.17725

-

6.1.7601.17919

-

6.1.7601.21861

-

6.1.7601.22076

1328FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Boot Manager

6.1.7600.16385

-

6.1.7601.17514

1319FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
-
-Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )
-
-Other algorithms: MD5
Winload OS Loader (winload.exe)

6.1.7600.16385

-

6.1.7600.16757

-

6.1.7600.20897

-

6.1.7600.20916

-

6.1.7601.17514

-

6.1.7601.17556

-

6.1.7601.21655

-

6.1.7601.21675

1326FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
-
-Other algorithms: MD5
BitLocker™ Drive Encryption

6.1.7600.16385

-

6.1.7600.16429

-

6.1.7600.16757

-

6.1.7600.20536

-

6.1.7600.20873

-

6.1.7600.20897

-

6.1.7600.20916

-

6.1.7601.17514

-

6.1.7601.17556

-

6.1.7601.21634

-

6.1.7601.21655

-

6.1.7601.21675

1332FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
-
-Other algorithms: Elephant Diffuser
Code Integrity (CI.DLL)

6.1.7600.16385

-

6.1.7600.17122

-

6.1.7600.21320

-

6.1.7601.17514

-

6.1.7601.17950

-

6.1.7601.22108

1327FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
-
-Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.1.7600.16385
-(no change in SP1)		1331FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH.DLL)6.1.7600.16385
-(no change in SP1)		1330FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)
- - -##### Windows Vista SP1 - -Validated Editions: Ultimate Edition - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.0.6001.18000 and 6.0.6002.18005978FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596979FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
-
-Other algorithms: MD5
Code Integrity (ci.dll)6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005980FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
-
-Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228691000

FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

-

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228721001

FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.180051002

FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

-

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051003

FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

- - -##### Windows Vista - -Validated Editions: Ultimate Edition - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider (RSAENH)6.0.6000.16386893FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6000.16386894FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption6.0.6000.16386947FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
-
-Other algorithms: Elephant Diffuser
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067891FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
-
-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
- - -##### Windows XP SP3 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.1.2600.5512997

FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

-

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.1.2600.5507990

FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

-

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH)5.1.2600.5507989

FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

-

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

- - -##### Windows XP SP2 - - ------ - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
DSS/Diffie-Hellman Enhanced Cryptographic Provider5.1.2600.2133240

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

-

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider5.1.2600.2161238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

-

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

- - -##### Windows XP SP1 - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Microsoft Enhanced Cryptographic Provider5.1.2600.1029238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

-

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

- - -##### Windows XP - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module5.1.2600.0241

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

-

Other algorithms: DES (Cert. #89)

- - -##### Windows 2000 SP3 - - ------ - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

-

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2195.3665 [SP3])

-

(Base: 5.0.2195.3839 [SP3])

-

(DSS/DH Enh: 5.0.2195.3665 [SP3])

-

(Enh: 5.0.2195.3839 [SP3]

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

-

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

- - -##### Windows 2000 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

-

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS:

-

5.0.2195.2228 [SP2])

-

(Base:

-

5.0.2195.2228 [SP2])

-

(DSS/DH Enh:

-

5.0.2195.2228 [SP2])

-

(Enh:

-

5.0.2195.2228 [SP2])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

-

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

- - -##### Windows 2000 SP1 - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2150.1391 [SP1])

-

(Base: 5.0.2150.1391 [SP1])

-

(DSS/DH Enh: 5.0.2150.1391 [SP1])

-

(Enh: 5.0.2150.1391 [SP1])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

-

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

- - -##### Windows 2000 - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.2150.176

FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

-

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

- - -##### Windows 95 and Windows 98 - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.1877.6 and 5.0.1877.775

FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

-

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

- - -##### Windows NT 4.0 - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base Cryptographic Provider5.0.1877.6 and 5.0.1877.768FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
-
-Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
- - -#### Windows Server - -##### Windows Server 2016 - -Validated Editions: Standard, Datacenter, Storage Server - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.143932937FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.143932936FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager10.0.143932931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

-

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload)10.0.143932932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)10.0.143932933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)10.0.143932934FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll)10.0.143932935FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: AES (non-compliant); MD5
Secure Kernel Code Integrity (skci.dll)10.0.143932938FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
-
-Other algorithms: MD5
- - -##### Windows Server 2012 R2 - -Validated Editions: Server, Storage Server, - -**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.170312357FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.170422356FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.3.9600 6.3.9600.170312351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.170312352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
-
-Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[16]6.3.9600 6.3.9600.170312353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[17]6.3.9600 6.3.9600.170312354FIPS Approved algorithms: AES (Cert. #2832)
-
-Other algorithms: N/A
Code Integrity (ci.dll)6.3.9600 6.3.9600.170312355FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
-
-Other algorithms: MD5
- - -\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** - -\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** - -**Windows Server 2012** - -Validated Editions: Server, Storage Server - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.92001892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.92001891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.2.92001895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD)6.2.92001896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)6.2.92001898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS)6.2.92001899FIPS Approved algorithms: AES (Certs. #2196 and #2198)
-
-Other algorithms: N/A
Code Integrity (CI.DLL)6.2.92001897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.92001893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)6.2.92001894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
-
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
- - -##### Windows Server 2008 R2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.175141321FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
-
-Other algorithms: MD5
Winload OS Loader (winload.exe)6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216751333FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
-
-Other algorithms: MD5
Code Integrity (ci.dll)6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221081334FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
-
-Other algorithms: MD5
Kernel Mode Cryptographic Primitives Library (cng.sys)6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220761335FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Cryptographic Primitives Library (bcryptprimitives.dll)66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.175141336FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
Enhanced Cryptographic Provider (RSAENH)6.1.7600.163851337FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.1.7600.163851338FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216751339FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
-
-Other algorithms: Elephant Diffuser
- - -##### Windows Server 2008 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224971004FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
-
-Other algorithms: N/A
Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225961005FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
-
-Other algorithms: MD5
Code Integrity (ci.dll)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051006FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
-
-Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228691007FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228721008FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051009FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
-
--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.180051010FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
- - -##### Windows Server 2003 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.3959875

FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

-

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.3959869

FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

-

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH)5.2.3790.3959868

FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

-

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

- - -##### Windows Server 2003 SP1 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.1830 [SP1]405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

-

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

-

[1] x86
-[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH)5.2.3790.1830 [Service Pack 1])382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

-

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

-

[1] x86
-[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.1830 [Service Pack 1]381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

-

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

-

[1] x86
-[2] SP1 x86, x64, IA64

- - -##### Windows Server 2003 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.0405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

-

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

-

[1] x86
-[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH)5.2.3790.0382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

-

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

-

[1] x86
-[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.0381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

-

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

-

[1] x86
-[2] SP1 x86, x64, IA64

- - -#### Other Products - -##### Windows Embedded Compact 7 and Windows Embedded Compact 8 - - ------ - - - - - - - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider7.00.2872 [1] and 8.00.6246 [2]2957

FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

-

Allowed algorithms: HMAC-MD5; MD5; NDRNG

Cryptographic Primitives Library (bcrypt.dll)7.00.2872 [1] and 8.00.6246 [2]2956

FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

-

Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

- - - -##### Windows CE 6.0 and Windows Embedded Compact 7 - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider6.00.1937 [1] and 7.00.1687 [2]825

FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

-

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

- - -##### Outlook Cryptographic Provider - - ------ - - - - - - - - - - - - - - -
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Outlook Cryptographic Provider (EXCHCSP)SR-1A (3821)SR-1A (3821)110

FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

-

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

- - - -### Cryptographic Algorithms - -The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate. - -### Advanced Encryption Standard (AES) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • AES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CFB128:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CTR:
    • -
    • -
    • Counter Source: Internal
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-OFB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -

Microsoft Surface Hub Virtual TPM Implementations #4904

-

Version 10.0.15063.674

    -
  • AES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CFB128:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CTR:
    • -
    • -
    • Counter Source: Internal
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-OFB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

-

Version 10.0.16299

    -
  • AES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CCM:
    • -
    • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • -
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • -
    • Plain Text Length: 0-32
      • -
    • AAD Length: 0-65536
      • -
    • -
  • AES-CFB128:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CFB8:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CMAC:
    • -
    • -
    • Generation:
      • -
      • -
      • AES-128:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-192:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-256:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • -
    • Verification:
      • -
      • -
      • AES-128:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-192:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-256:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • -
    • -
  • AES-CTR:
    • -
    • -
    • Counter Source: Internal
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-ECB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-GCM:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • -
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • 96 bit IV supported
      • -
    • -
  • AES-XTS:
    • -
    • -
    • Key Size: 128:
      • -
      • -
      • Modes: Decrypt, Encrypt
        • -
      • Block Sizes: Full
        • -
      • -
    • Key Size: 256:
      • -
      • -
      • Modes: Decrypt, Encrypt
        • -
      • Block Sizes: Full
        • -
      • -
    • -

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902

-

Version 10.0.15063.674

    -
  • AES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CCM:
    • -
    • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • -
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • -
    • Plain Text Length: 0-32
      • -
    • AAD Length: 0-65536
      • -
    • -
  • AES-CFB128:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CFB8:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CMAC:
    • -
    • -
    • Generation:
      • -
      • -
      • AES-128:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-192:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-256:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • -
    • Verification:
      • -
      • -
      • AES-128:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-192:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-256:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • -
    • -
  • AES-CTR:
    • -
    • -
    • Counter Source: Internal
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-ECB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-GCM:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • -
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • 96 bit IV supported
      • -
    • -
  • AES-XTS:
    • -
    • -
    • Key Size: 128:
      • -
      • -
      • Modes: Decrypt, Encrypt
        • -
      • Block Sizes: Full
        • -
      • -
    • Key Size: 256:
      • -
      • -
      • Modes: Decrypt, Encrypt
        • -
      • Block Sizes: Full
        • -
      • -
    • -

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901

-

Version 10.0.15254

    -
  • AES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CCM:
    • -
    • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • -
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • -
    • Plain Text Length: 0-32
      • -
    • AAD Length: 0-65536
      • -
    • -
  • AES-CFB128:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CFB8:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-CMAC:
    • -
    • -
    • Generation:
      • -
      • -
      • AES-128:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-192:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-256:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • -
    • Verification:
      • -
      • -
      • AES-128:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-192:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • AES-256:
        • -
        • -
        • Block Sizes: Full, Partial
          • -
        • Message Length: 0-65536
          • -
        • Tag Length: 16-16
          • -
        • -
      • -
    • -
  • AES-CTR:
    • -
    • -
    • Counter Source: Internal
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-ECB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • -
  • AES-GCM:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • IV Generation: External
      • -
    • Key Lengths: 128, 192, 256 (bits)
      • -
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • -
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • 96 bit IV supported
      • -
    • -
  • AES-XTS:
    • -
    • -
    • Key Size: 128:
      • -
      • -
      • Modes: Decrypt, Encrypt
        • -
      • Block Sizes: Full
        • -
      • -
    • Key Size: 256:
      • -
      • -
      • Modes: Decrypt, Encrypt
        • -
      • Block Sizes: Full
        • -
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

-

Version 10.0.16299

AES-KW:

-
    -
  • Modes: Decrypt, Encrypt
    • -
  • CIPHK transformation direction: Forward
    • -
  • Key Lengths: 128, 192, 256 (bits)
    • -
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • -
-

AES Val#4902

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900

-

Version 10.0.15063.674

AES-KW:

-
    -
  • Modes: Decrypt, Encrypt
    • -
  • CIPHK transformation direction: Forward
    • -
  • Key Lengths: 128, 192, 256 (bits)
    • -
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • -
-

AES Val#4901

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899

-

Version 10.0.15254

AES-KW:

-
    -
  • Modes: Decrypt, Encrypt
    • -
  • CIPHK transformation direction: Forward
    • -
  • Key Lengths: 128, 192, 256 (bits)
    • -
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • -
-

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

-

Version 10.0.16299

AES-CCM:

-
    -
  • Key Lengths: 256 (bits)
    • -
  • Tag Lengths: 128 (bits)
    • -
  • IV Lengths: 96 (bits)
    • -
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • -
-

AES Val#4902

Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

-

Version 10.0.15063.674

AES-CCM:

-
    -
  • Key Lengths: 256 (bits)
    • -
  • Tag Lengths: 128 (bits)
    • -
  • IV Lengths: 96 (bits)
    • -
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • -
-

AES Val#4901

Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

-

Version 10.0.15254

AES-CCM:

-
    -
  • Key Lengths: 256 (bits)
    • -
  • Tag Lengths: 128 (bits)
    • -
  • IV Lengths: 96 (bits)
    • -
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • -
-

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

-

Version 10.0.16299

CBC ( e/d; 128 , 192 , 256 );

-

CFB128 ( e/d; 128 , 192 , 256 );

-

OFB ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627

-

Version 10.0.15063

KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

-

AES Val#4624

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

-

Version 10.0.15063

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

-

AES Val#4624

-

 

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

-

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

CFB128 ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

-

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

-

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )

-

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

-

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

-

IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported

-

GMAC_Supported

-

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

-

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434

-

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433

-

Version 8.00.6246

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431

-

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430

-

Version 8.00.6246

CBC ( e/d; 128 , 192 , 256 );

-

CFB128 ( e/d; 128 , 192 , 256 );

-

OFB ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

-

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

-

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

-

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

-

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
-GMAC_Supported

-

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

-

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

 

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
-Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )

-

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

-

Version 10.0.14393

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

-

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

-

Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

-

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

-

Version 10.0.10586

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

-

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

-

Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

 

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
-Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

-

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

-

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

-

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
-GMAC_Supported

-

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
-
-

-

Version 10.0.10586

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

-

AES Val#3497

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

-

Version 10.0.10240

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

-

AES Val#3497

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

-

Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

-

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

-

CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

-

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
-GMAC_Supported

-

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
-Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

 

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
-Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

 

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853

-

Version 6.3.9600

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

-

AES Val#2832

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

-

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

-

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

-

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

-

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

-

IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;
-OtherIVLen_Supported
-GMAC_Supported

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

-

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-AES Val#2197

-

CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
-AES Val#2197

-

GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
-GMAC_Supported

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

-

AES Val#2196

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

CFB128 ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

 

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-AES Val#1168

Windows Server 2008 R2 and SP1 CNG algorithms #1187

-

Windows 7 Ultimate and SP1 CNG algorithms #1178

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
-AES Val#1168		Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

-

 

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168

GCM

-

GMAC

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed
CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

Windows Server 2008 CNG algorithms #757

-

Windows Vista Ultimate SP1 CNG algorithms #756

CBC ( e/d; 128 , 256 );

-

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

Windows Vista Ultimate BitLocker Drive Encryption #715

-

Windows Vista Ultimate BitLocker Drive Encryption #424

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CFB8 ( e/d; 128 , 192 , 256 );

Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

-

Windows Vista Symmetric Algorithm Implementation #553

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

-

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023

ECB ( e/d; 128 , 192 , 256 );

-

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

-

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

-

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781

-

Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548

-

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516

-

Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507

-

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290

-

Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224

-

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80

-

Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33

- - -Deterministic Random Bit Generator (DRBG) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • Counter:
    • -
    • -
    • Modes: AES-256
      • -
    • Derivation Function States: Derivation Function not used
      • -
    • Prediction Resistance Modes: Not Enabled
      • -
    • -
-

Prerequisite: AES #4904

Microsoft Surface Hub Virtual TPM Implementations #1734

-

Version 10.0.15063.674

    -
  • Counter:
    • -
    • -
    • Modes: AES-256
      • -
    • Derivation Function States: Derivation Function not used
      • -
    • Prediction Resistance Modes: Not Enabled
      • -
    • -
-

Prerequisite: AES #4903

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

-

Version 10.0.16299

    -
  • Counter:
    • -
    • -
    • Modes: AES-256
      • -
    • Derivation Function States: Derivation Function used
      • -
    • Prediction Resistance Modes: Not Enabled
      • -
    • -
-

Prerequisite: AES #4902

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732

-

Version 10.0.15063.674

    -
  • Counter:
    • -
    • -
    • Modes: AES-256
      • -
    • Derivation Function States: Derivation Function used
      • -
    • Prediction Resistance Modes: Not Enabled
      • -
    • -
-

Prerequisite: AES #4901

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731

-

Version 10.0.15254

    -
  • Counter:
    • -
    • -
    • Modes: AES-256
      • -
    • Derivation Function States: Derivation Function used
      • -
    • Prediction Resistance Modes: Not Enabled
      • -
    • -
-

Prerequisite: AES #4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

-

Version 10.0.16299

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ]

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

-

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ]

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

-

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

-

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

-

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

-

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

-

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

-

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

-

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ]

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

-

Version 10.0.10586

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ]

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

-

Version 10.0.10240

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ]

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

-

Version 6.3.9600

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ]Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ]Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
DRBG (SP 800–90)Windows Vista Ultimate SP1, vendor-affirmed
- - -#### Digital Signature Algorithm (DSA) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • DSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • PQGGen:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • PQGVer:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • SigGen:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • SigVer:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • KeyPair:
        • -
        • -
        • L = 2048, N = 256
          • -
        • L = 3072, N = 256
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303

-

Version 10.0.15063.674

    -
  • DSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • PQGGen:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • PQGVer:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • SigGen:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • SigVer:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • KeyPair:
        • -
        • -
        •  
          • -
        •  
          • -
        • L = 2048, N = 256
          • -
        • L = 3072, N = 256
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302

-

Version 10.0.15254

    -
  • DSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • PQGGen:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • PQGVer:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • SigGen:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • SigVer:
        • -
        • -
        • L = 2048, N = 256 SHA: SHA-256
          • -
        • L = 3072, N = 256 SHA: SHA-256
          • -
        • -
      • KeyPair:
        • -
        • -
        • L = 2048, N = 256
          • -
        • L = 3072, N = 256
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

-

Version 10.0.16299

FIPS186-4:

-

PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]

-

PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

-

KeyPairGen:   [ (2048,256) ; (3072,256) ]

-

SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]

-

SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

-

SHS: Val#3790

-

DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223

-

Version 10.0.15063

FIPS186-4:
-PQG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
-SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
-SHS: Val# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

-

Version 7.00.2872

FIPS186-4:
-PQG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
-SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
-SHS: Val#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

-

Version 8.00.6246

FIPS186-4:
-PQG(gen)PARMS TESTED: [
-(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen:    [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED:   [ (2048,256)
-SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

-

SHS: Val# 3347
-DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098

-

Version 10.0.14393

FIPS186-4:
-PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
-KeyPairGen:    [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

-

SHS: Val# 3047
-DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024

-

Version 10.0.10586

FIPS186-4:
-PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen:    [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

-

SHS: Val# 2886
-DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

-

Version 10.0.10240

FIPS186-4:
-PQG(gen)PARMS TESTED:   [
-(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED:   [ (2048,256)
-SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen:    [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

-

SHS: Val# 2373
-DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

-

Version 6.3.9600

FIPS186-2:
-PQG(ver) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: #1903
-DRBG: #258

-

FIPS186-4:
-PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: #1903
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
FIPS186-2:
-PQG(ver) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: #1902
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 1773
-DRBG: Val# 193
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 1081
-DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

Windows Server 2008 R2 and SP1 CNG algorithms #391

-

Windows 7 Ultimate and SP1 CNG algorithms #386

FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 1081
-RNG: Val# 649
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

-

Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

Windows Server 2008 CNG algorithms #284

-

Windows Vista Ultimate SP1 CNG algorithms #283

FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 753
-RNG: Val# 435
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

Windows Server 2008 Enhanced DSS (DSSENH) #282

-

Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 618
-RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

Windows Vista CNG algorithms #227

-

Windows Vista Enhanced DSS (DSSENH) #226

FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 784
-RNG: Val# 448
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.		Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 783
-RNG: Val# 447
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
FIPS186-2:
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: Val# 611
-RNG: Val# 314		Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
FIPS186-2:
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: Val# 385		Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
FIPS186-2:
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: Val# 181
-
-		Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
FIPS186-2:
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SHS: SHA-1 (BYTE)
-SIG(ver) MOD(1024);
-SHS: SHA-1 (BYTE)

Windows 2000 DSSENH.DLL #29

-

Windows 2000 DSSBASE.DLL #28

-

Windows NT 4 SP6 DSSENH.DLL #26

-

Windows NT 4 SP6 DSSBASE.DLL #25

FIPS186-2: PRIME;
-FIPS186-2:

-

KEYGEN(Y):
-SHS: SHA-1 (BYTE)

-

SIG(gen):
-SIG(ver) MOD(1024);
-SHS: SHA-1 (BYTE)

Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17
- - -#### Elliptic Curve Digital Signature Algorithm (ECDSA) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #2373, DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

-

Version 6.3.9600

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384
          • -
        • Generation Methods: Testing Candidates
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #1253

-

Version 10.0.15063.674

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384
          • -
        • Generation Methods: Testing Candidates
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

-

Version 10.0.16299

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1251

-

Version 10.0.15063.674

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250

-

Version 10.0.15063.674

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249

-

Version 10.0.15254

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248

-

Version 10.0.15254

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

-

Version 10.0.16299

    -
  • ECDSA:
    • -
    • -
    • 186-4:
      • -
      • -
      • Key Pair Generation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • Generation Methods: Extra Random Bits
          • -
        • -
      • Public Key Validation:
        • -
        • -
        • Curves: P-256, P-384, P-521
          • -
        • -
      • Signature Generation:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • Signature Verification:
        • -
        • -
        • P-256 SHA: SHA-256
          • -
        • P-384 SHA: SHA-384
          • -
        • P-521 SHA: SHA-512
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

-

Version 10.0.16299

FIPS186-4:
-PKG: CURVES( P-256 P-384 TestingCandidates )
-SHS: Val#3790
-DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

-

Version 10.0.15063

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#3790
-DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135

-

Version 10.0.15063

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#3790
-DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

-

Version 10.0.15063

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
-SHS:Val# 3649
-DRBG:Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073

-

Version 7.00.2872

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
-SHS:Val#3648
-DRBG:Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

-

Version 8.00.6246

FIPS186-4:
-PKG: CURVES( P-256 P-384 TestingCandidates )
-PKV: CURVES( P-256 P-384 )
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )

-

SHS: Val# 3347
-DRBG: Val# 1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

-

Version 10.0.14393

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

-

SHS: Val# 3347
-DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911

-

Version 10.0.14393

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

-

SHS: Val# 3047
-DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

-

Version 10.0.10586

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

-

SHS: Val# 2886
-DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

-

Version 10.0.10240

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

-

SHS: Val#2373
-DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

-

Version 6.3.9600

FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: #1903
-DRBG: #258
-SIG(ver):CURVES( P-256 P-384 P-521 )
-SHS: #1903
-DRBG: #258

-

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: #1903
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#1773
-DRBG: Val# 193
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#1773
-DRBG: Val# 193

-

FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#1773
-DRBG: Val# 193
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#1081
-DRBG: Val# 23
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#1081
-DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

Windows Server 2008 R2 and SP1 CNG algorithms #142

-

Windows 7 Ultimate and SP1 CNG algorithms #141

FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#753
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

Windows Server 2008 CNG algorithms #83

-

Windows Vista Ultimate SP1 CNG algorithms #82

FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#618
-RNG: Val# 321
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#618
-RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.		Windows Vista CNG algorithms #60
- - -#### Keyed-Hash Message Authentication Code (HMAC) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • HMAC-SHA-1:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-256:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-384:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
-

Prerequisite: SHS #4011

Microsoft Surface Hub Virtual TPM Implementations #3271

-

Version 10.0.15063.674

    -
  • HMAC-SHA-1:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-256:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-384:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
-

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

-

Version 10.0.16299

    -
  • HMAC-SHA-1:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-256:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-384:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-512:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
-

Prerequisite: SHS #4011

Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269

-

Version 10.0.15063.674

    -
  • HMAC-SHA-1:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-256:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-384:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-512:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
-

Prerequisite: SHS #4010

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268

-

Version 10.0.15254

    -
  • HMAC-SHA-1:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-256:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-384:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
  • HMAC-SHA2-512:
    • -
    • -
    • Key Sizes &lt; Block Size
      • -
    • Key Sizes &gt; Block Size
      • -
    • Key Sizes = Block Size
      • -
    • -
-

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

-

Version 10.0.16299

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

-

Version 10.0.15063

HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

-

Version 10.0.15063

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

-

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

-

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

-

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

-

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
-SHS Val# 3347

-

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
-SHS Val# 3347

-

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
-SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

-

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

-

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
-SHS Val# 3047

-

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
-SHS Val# 3047

-

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
-SHS Val# 3047

-

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
-SHS Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

-

Version 10.0.10586

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
-SHSVal# 2886

-

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
-SHSVal# 2886

-

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
- SHSVal# 2886

-

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
-SHSVal# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

-

Version 10.0.10240

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
-SHS Val#2373

-

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
-SHS Val#2373

-

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
-SHS Val#2373

-

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
-SHS Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

-

Version 6.3.9600

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

-

Version 5.2.29344

HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902

-

HMAC-SHA256 ( Key Size Ranges Tested: KS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )

-

SHS#1903

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )

-

SHS#1903

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS )

-

SHS#1903

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )

-

SHS#1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

-

Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

Windows Server 2008 R2 and SP1 CNG algorithms #686

-

Windows 7 and SP1 CNG algorithms #677

-

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

-

Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081

-

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753

-

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753

Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

-

Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

-

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753

Windows Server 2008 CNG algorithms #413

-

Windows Vista Ultimate SP1 CNG algorithms #412

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737

-

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737

Windows Vista Ultimate BitLocker Drive Encryption #386

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista CNG algorithms #298

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578

Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495

-

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495

Windows Vista BitLocker Drive Encryption #199
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

-

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305

-

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305

-

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305

-

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
- - -#### Key Agreement Scheme (KAS) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • KAS ECC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
      • -
    • Schemes:
      • -
      • -
      • Full Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • KDFs: Concatenation
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #150

-

Version 10.0.15063.674

    -
  • KAS ECC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
      • -
    • Schemes:
      • -
      • -
      • Full Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • KDFs: Concatenation
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

-

Version 10.0.16299

    -
  • KAS ECC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • -
    • Schemes:
      • -
      • -
      • Ephemeral Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • KDFs: Concatenation
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • One Pass DH:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • Static Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732

-
    -
  • KAS FFC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • -
    • Schemes:
      • -
      • -
      • dhEphem:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • dhOneFlow:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • dhStatic:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DSA #1303, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #148

-

Version 10.0.15063.674

    -
  • KAS ECC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • -
    • Schemes:
      • -
      • -
      • Ephemeral Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • KDFs: Concatenation
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • One Pass DH:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • Static Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731

-
    -
  • KAS FFC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • -
    • Schemes:
      • -
      • -
      • dhEphem:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • dhOneFlow:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • dhStatic:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DSA #1302, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147

-

Version 10.0.15254

    -
  • KAS ECC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • -
    • Schemes:
      • -
      • -
      • Ephemeral Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • KDFs: Concatenation
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • One Pass DH:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • Static Unified:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • EC:
            • -
            • -
            • Curve: P-256
              • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • ED:
            • -
            • -
            • Curve: P-384
              • -
            • SHA: SHA-384
              • -
            • MAC: HMAC
              • -
            • -
          • EE:
            • -
            • -
            • Curve: P-521
              • -
            • SHA: SHA-512
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730

-
    -
  • KAS FFC:
    • -
    • -
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • -
    • Schemes:
      • -
      • -
      • dhEphem:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • dhOneFlow:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • dhStatic:
        • -
        • -
        • Key Agreement Roles: Initiator, Responder
          • -
        • Parameter Sets:
          • -
          • -
          • FB:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • FC:
            • -
            • -
            • SHA: SHA-256
              • -
            • MAC: HMAC
              • -
            • -
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DSA #1301, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

-

Version 10.0.16299

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ]

-

SHS Val#3790
-DSA Val#1135
-DRBG Val#1556

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128

-

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
-SHS Val#3790
-DSA Val#1223
-DRBG Val#1555

-

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-
-SHS Val#3790
-ECDSA Val#1133
-DRBG Val#1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127

-

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
-SHS Val# 3649
-DSA Val#1188
-DRBG Val#1430

-

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115

-

Version 7.00.2872

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhHybridOneFlow ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
-[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
-SHS Val#3648
-DSA Val#1187
-DRBG Val#1429

-

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-
-SHS Val#3648
-ECDSA Val#1072
-DRBG Val#1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114

-

Version 8.00.6246

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )
-SCHEMES  [ FullUnified  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ]

-

SHS Val# 3347 ECDSA Val#920 DRBG Val#1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

-

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )
-SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

-

SHS Val# 3347 DSA Val#1098 DRBG Val#1217

-

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

-

SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

-

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

-

SHS Val# 3047 DSA Val#1024 DRBG Val#955

-

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

-

SHS Val# 3047 ECDSA Val#760 DRBG Val#955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

-

Version 10.0.10586

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

-

SHS Val# 2886 DSA Val#983 DRBG Val#868

-

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

-

SHS Val# 2886 ECDSA Val#706 DRBG Val#868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

-

Version 10.0.10240

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

-

SHS Val#2373 DSA Val#855 DRBG Val#489

-

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

-

SHS Val#2373 ECDSA Val#505 DRBG Val#489

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

-

Version 6.3.9600

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS #1903 DSA Val#687 DRBG #258

-

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-
-SHS #1903 ECDSA Val#341 DRBG #258

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36

KAS (SP 800–56A)

-

key agreement

-

key establishment methodology provides 80 to 256 bits of encryption strength

Windows 7 and SP1, vendor-affirmed

-

Windows Server 2008 R2 and SP1, vendor-affirmed

- - -SP 800-108 Key-Based Key Derivation Functions (KBKDF) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • Counter:
    • -
    • -
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
      • -
    • -
-

MAC prerequisite: HMAC #3271

-
-
    -
  • Counter Location: Before Fixed Data
    • -
  • R Length: 32 (bits)
    • -
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • -
-
-

K prerequisite: DRBG #1734, KAS #150

Microsoft Surface Hub Virtual TPM Implementations #161

-

Version 10.0.15063.674

    -
  • Counter:
    • -
    • -
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
      • -
    • -
-

MAC prerequisite: HMAC #3270

-
-
    -
  • Counter Location: Before Fixed Data
    • -
  • R Length: 32 (bits)
    • -
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • -
-
-

K prerequisite: DRBG #1733, KAS #149

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

-

Version 10.0.16299

    -
  • Counter:
    • -
    • -
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • -
    • -
-

MAC prerequisite: AES #4902, HMAC #3269

-
-
    -
  • Counter Location: Before Fixed Data
    • -
  • R Length: 32 (bits)
    • -
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • -
  • K prerequisite: KAS #148
    • -
-

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159

-

Version 10.0.15063.674

    -
  • Counter:
    • -
    • -
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • -
    • -
-

MAC prerequisite: AES #4901, HMAC #3268

-
-
    -
  • Counter Location: Before Fixed Data
    • -
  • R Length: 32 (bits)
    • -
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • -
-
-

K prerequisite: KAS #147

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158

-

Version 10.0.15254

    -
  • Counter:
    • -
    • -
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • -
    • -
-

MAC prerequisite: AES #4897, HMAC #3267

-
-
    -
  • Counter Location: Before Fixed Data
    • -
  • R Length: 32 (bits)
    • -
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • -
-
-

K prerequisite: KAS #146

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

-

Version 10.0.16299

CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-
-KAS Val#128
-DRBG Val#1556
-MAC Val#3062

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141

-

Version 10.0.15063

CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-
-KAS Val#127
-AES Val#4624
-DRBG Val#1555
-MAC Val#3061

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140

-

Version 10.0.15063

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

-

KAS Val#93 DRBG Val#1222 MAC Val#2661

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

-

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

-

KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

-

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

-

KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

-

Version 10.0.10586

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

-

KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

-

Version 10.0.10240

CTR_Mode:  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

-

DRBG Val#489 MAC Val#1773

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

-

Version 6.3.9600

CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

-

DRBG #258 HMAC Val#1345

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
- - -Random Number Generator (RNG) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #

FIPS 186-2 General Purpose

-

[ (x-Original); (SHA-1) ]

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
FIPS 186-2
-[ (x-Original); (SHA-1) ]

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

-

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

-

Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

-

Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66

FIPS 186-2
-[ (x-Change Notice); (SHA-1) ]

-

FIPS 186-2 General Purpose
-[ (x-Change Notice); (SHA-1) ]

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

-

Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

-

Windows Vista RNG implementation #321

FIPS 186-2 General Purpose
-[ (x-Change Notice); (SHA-1) ]

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

-

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

-

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

-

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316

-

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313

FIPS 186-2
-[ (x-Change Notice); (SHA-1) ]

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

-

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314

- - -#### RSA - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #2677

-

Version 10.0.15063.674

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 240 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676

-

Version 10.0.16299

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub RSA32 Algorithm Implementations #2675

-

Version 10.0.15063.674

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

-

Version 10.0.16299

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673

-

Version 10.0.15254

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
      • -
      • Public Key Exponent: Fixed (10001)
        • -
      • Provable Primes with Conditions:
        • -
        • -
        • Mod lengths: 2048, 3072 (bits)
          • -
        • Primality Tests: C.3
          • -
        • -
      • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 496 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #2672

-

Version 10.0.15063.674

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
      • -
      • Probable Random Primes:
        • -
        • -
        • Mod lengths: 2048, 3072 (bits)
          • -
        • Primality Tests: C.2
          • -
        • -
      • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 496 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671

-

Version 10.0.15063.674

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
      • -
      • Probable Random Primes:
        • -
        • -
        • Mod lengths: 2048, 3072 (bits)
          • -
        • Primality Tests: C.2
          • -
        • -
      • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 496 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670

-

Version 10.0.15254

RSA:

-
    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
      • -
      • Public Key Exponent: Fixed (10001)
        • -
      • Provable Primes with Conditions:
        • -
        • -
        • Mod lengths: 2048, 3072 (bits)
          • -
        • Primality Tests: C.3
          • -
        • -
      • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 496 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669

-

Version 10.0.15254

    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
      • -
      • Public Key Exponent: Fixed (10001)
        • -
      • Provable Primes with Conditions:
        • -
        • -
        • Mod lengths: 2048, 3072 (bits)
          • -
        • Primality Tests: C.3
          • -
        • -
      • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 496 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

-

Version 10.0.16299

    -
  • 186-4:
    • -
    • -
    • Key Generation:
      • -
      • -
      • Probable Random Primes:
        • -
        • -
        • Mod lengths: 2048, 3072 (bits)
          • -
        • Primality Tests: C.2
          • -
        • -
      • -
    • Signature Generation PKCS1.5:
      • -
      • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Generation PSS:
      • -
      • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • Signature Verification PKCS1.5:
      • -
      • -
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • -
      • -
    • Signature Verification PSS:
      • -
      • -
      • Mod 1024:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 496 (bits)
          • -
        • -
      • Mod 2048:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • Mod 3072:
        • -
        • -
        • SHA-1: Salt Length: 160 (bits)
          • -
        • SHA-256: Salt Length: 256 (bits)
          • -
        • SHA-384: Salt Length: 384 (bits)
          • -
        • SHA-512: Salt Length: 512 (bits)
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

-

Version 10.0.16299

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
-SHA Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

-

Version 10.0.15063

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

-

Version 10.0.15063

FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val#3790
-DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522

-

Version 10.0.15063

FIPS186-4:
-186-4KEY(gen):
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

-

Version 10.0.15063

FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

-

FIPS186-4:
-ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
-SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

-

Version 7.00.2872

FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

-

FIPS186-4:
-ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
-SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

-

Version 8.00.6246

FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649

-

FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val# 3649
-DRBG: Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412

-

Version 7.00.2872

FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

-

FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3648
-DRBG: Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

-

Version 8.00.6246

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))

-

SHA Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

-

Version 10.0.14393

FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

-

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

-

Version 10.0.14393

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val#3346

soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

-

Version 10.0.14393

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

-

Version 10.0.14393

FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

-

Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

-

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

-

Version 10.0.14393

FIPS186-4:
-186-4KEY(gen):  FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

-

SHA Val# 3047 DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

-

Version 10.0.10586

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val#3048

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

-

Version 10.0.10586

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

-

Version 10.0.10586

FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

-

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

-

Version 10.0.10586

FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

-

SHA Val# 2886 DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

-

Version 10.0.10240

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

-

Version 10.0.10240

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

-

Version 10.0.10240

FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

-

SHA Val# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

-

Version 10.0.10240

FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

-

SHA Val#2373 DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

-

Version 6.3.9600

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

-

Version 6.3.9600

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

-

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

-

Version 6.3.9600

FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

-

SHA Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

-

Version 6.3.9600

FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
-SHA #1903

-

Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-SHA #1903 DRBG: #258		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.		Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.		Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

Windows Server 2008 R2 and SP1 CNG algorithms #567

-

Windows 7 and SP1 CNG algorithms #560

FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.		Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.		Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
FIPS186-2:
-ALG[ANSIX9.31]:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

Windows Server 2008 CNG algorithms #358

-

Windows Vista SP1 CNG algorithms #357

FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

-

Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.		Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.		Windows Vista RSA key generation implementation #258
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.		Windows Vista CNG algorithms #257
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.		Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.		Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]:
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.		Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

FIPS186-2:

-

– PKCS#1 v1.5, signature generation and verification

-

– Mod sizes: 1024, 1536, 2048, 3072, 4096

-

– SHS: SHA–1/256/384/512

Windows XP, vendor-affirmed

-

Windows 2000, vendor-affirmed

- - -#### Secure Hash Standard (SHS) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • SHA-1:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-256:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-384:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-512:
    • -
    • -
    • Supports Empty Message
      • -
    • -

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011

-

Version 10.0.15063.674

    -
  • SHA-1:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-256:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-384:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-512:
    • -
    • -
    • Supports Empty Message
      • -
    • -

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010

-

Version 10.0.15254

    -
  • SHA-1:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-256:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-384:
    • -
    • -
    • Supports Empty Message
      • -
    • -
  • SHA-512:
    • -
    • -
    • Supports Empty Message
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

-

Version 10.0.16299

SHA-1      (BYTE-only)
-SHA-256  (BYTE-only)
-SHA-384  (BYTE-only)
-SHA-512  (BYTE-only)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790

-

Version 10.0.15063

SHA-1      (BYTE-only)
-SHA-256  (BYTE-only)
-SHA-384  (BYTE-only)
-SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652

-

Version 7.00.2872

SHA-1      (BYTE-only)
-SHA-256  (BYTE-only)
-SHA-384  (BYTE-only)
-SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651

-

Version 8.00.6246

SHA-1      (BYTE-only)
-SHA-256  (BYTE-only)
-SHA-384  (BYTE-only)
-SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649

-

Version 7.00.2872

SHA-1      (BYTE-only)
-SHA-256  (BYTE-only)
-SHA-384  (BYTE-only)
-SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648

-

Version 8.00.6246

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
-Version 10.0.14393
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
-Version 10.0.14393
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
-Version 10.0.10586
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
-Version 10.0.10586
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
-Version 10.0.10240
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
-Version 10.0.10240
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
-Version 6.3.9600
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
-Version 6.3.9600

SHA-1 (BYTE-only)

-

SHA-256 (BYTE-only)

-

SHA-384 (BYTE-only)

-

SHA-512 (BYTE-only)

-

Implementation does not support zero-length (null) messages.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903

-

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774

-

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081

-

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816

SHA-1 (BYTE-only)

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785

-

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753

-

Windows Vista Symmetric Algorithm Implementation #618

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)

Windows Vista BitLocker Drive Encryption #737

-

Windows Vista Beta 2 BitLocker Drive Encryption #495

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613

-

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364

SHA-1 (BYTE-only)

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611

-

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610

-

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385

-

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371

-

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181

-

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177

-

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176

SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589

-

Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578

-

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305

SHA-1 (BYTE-only)

Windows XP Microsoft Enhanced Cryptographic Provider #83

-

Crypto Driver for Windows 2000 (fips.sys) #35

-

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32

-

Windows 2000 RSAENH.DLL #24

-

Windows 2000 RSABASE.DLL #23

-

Windows NT 4 SP6 RSAENH.DLL #21

-

Windows NT 4 SP6 RSABASE.DLL #20

- - -#### Triple DES - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    -
  • TDES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-CFB64:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-CFB8:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-ECB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558

-

Version 10.0.15063.674

    -
  • TDES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-CFB64:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-CFB8:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-ECB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557

-

Version 10.0.15254

    -
  • TDES-CBC:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-CFB64:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-CFB8:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -
  • TDES-ECB:
    • -
    • -
    • Modes: Decrypt, Encrypt
      • -
    • Keying Option: 1
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

-

Version 10.0.16299

TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

-

Version 10.0.15063

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

-

Version 8.00.6246

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

-

Version 8.00.6246

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, ) ;

-

CTR ( int only )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

-

Version 7.00.2872

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

-

Version 8.00.6246

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, ) ;

-

TCFB8( KO 1 e/d, ) ;

-

TCFB64( KO 1 e/d, )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
-
-

-

Version 10.0.14393

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, ) ;

-

TCFB8( KO 1 e/d, ) ;

-

TCFB64( KO 1 e/d, )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
-
-

-

Version 10.0.10586

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, ) ;

-

TCFB8( KO 1 e/d, ) ;

-

TCFB64( KO 1 e/d, )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
-
-

-

Version 10.0.10240

TECB( KO 1 e/d, ) ;

-

TCBC( KO 1 e/d, ) ;

-

TCFB8( KO 1 e/d, ) ;

-

TCFB64( KO 1 e/d, )

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

-

Version 6.3.9600

TECB( e/d; KO 1,2 ) ;

-

TCBC( e/d; KO 1,2 ) ;

-

TCFB8( e/d; KO 1,2 ) ;

-

TCFB64( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387

TECB( e/d; KO 1,2 ) ;

-

TCBC( e/d; KO 1,2 ) ;

-

TCFB8( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386

TECB( e/d; KO 1,2 ) ;

-

TCBC( e/d; KO 1,2 ) ;

-

TCFB8( e/d; KO 1,2 )

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846

TECB( e/d; KO 1,2 ) ;

-

TCBC( e/d; KO 1,2 ) ;

-

TCFB8( e/d; KO 1,2 )

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656

TECB( e/d; KO 1,2 ) ;

-

TCBC( e/d; KO 1,2 ) ;

-

TCFB8( e/d; KO 1,2 )

Windows Vista Symmetric Algorithm Implementation #549
Triple DES MAC

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed

-

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed

TECB( e/d; KO 1,2 ) ;

-

TCBC( e/d; KO 1,2 )

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308

-

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

-

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

-

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677

-

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676

-

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675

-

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544

-

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543

-

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542

-

Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526

-

Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517

-

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381

-

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370

-

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365

-

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315

-

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201

-

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199

-

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192

-

Windows XP Microsoft Enhanced Cryptographic Provider #81

-

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18

-

Crypto Driver for Windows 2000 (fips.sys) #16

- - -#### SP 800-132 Password Based Key Derivation Function (PBKDF) - - - - - - - - - - - - - - -
- Modes / States / Key Sizes - - Algorithm Implementation and Certificate # -
- PBKDF (vendor affirmed) -

 Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
(Software Version: 10.0.14393)

-

Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

-

Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
(Software Version: 10.0.14393)

-

Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
(Software Version: 10.0.14393)

-
- PBKDF (vendor affirmed) -

Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

-

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed

-
- - -#### Component Validation List - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Publication / Component Validated / DescriptionImplementation and Certificate #
    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

Prerequisite: DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

-

Version 6.3.9600

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Microsoft Surface Hub Virtual TPM Implementations #1519

-

Version 10.0.15063.674

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

-

Version 10.0.16299

    -
  • RSADP:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • -

Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

-

Version 10.0.15063.674

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Microsoft Surface Hub MsBignum Cryptographic Implementations #1516

-

Version 10.0.15063.674

    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

 Prerequisite: DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1515

-

Version 10.0.15063.674

    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

Prerequisite: DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514

-

Version 10.0.15063.674

    -
  • RSADP:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • -

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513

-

Version 10.0.15063.674

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512

-

Version 10.0.15063.674

    -
  • IKEv1:
    • -
    • -
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • -
    • Pre-shared Key Length: 64-2048
      • -
    • Diffie-Hellman shared secrets:
      • -
      • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 2048 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 256 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 384 (bits)
          • -
        • SHA Functions: SHA-384
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, HMAC #3269

-
    -
  • IKEv2:
    • -
    • -
    • Derived Keying Material length: 192-1792
      • -
    • Diffie-Hellman shared secrets:
      • -
      • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 2048 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 256 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 384 (bits)
          • -
        • SHA Functions: SHA-384
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4011, HMAC #3269

-
    -
  • TLS:
    • -
    • -
    • Supports TLS 1.0/1.1
      • -
    • Supports TLS 1.2:
      • -
      • -
      • SHA Functions: SHA-256, SHA-384
        • -
      • -
    • -
-

Prerequisite: SHS #4011, HMAC #3269

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511

-

Version 10.0.15063.674

    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510

-

Version 10.0.15254

    -
  • RSADP:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • -

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509

-

Version 10.0.15254

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508

-

Version 10.0.15254

    -
  • IKEv1:
    • -
    • -
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • -
    • Pre-shared Key Length: 64-2048
      • -
    • Diffie-Hellman shared secrets:
      • -
      • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 2048 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 256 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 384 (bits)
          • -
        • SHA Functions: SHA-384
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, HMAC #3268

-
    -
  • IKEv2:
    • -
    • -
    • Derived Keying Material length: 192-1792
      • -
    • Diffie-Hellman shared secrets:
      • -
      • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 2048 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 256 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 384 (bits)
          • -
        • SHA Functions: SHA-384
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4010, HMAC #3268

-
    -
  • TLS:
    • -
    • -
    • Supports TLS 1.0/1.1
      • -
    • Supports TLS 1.2:
      • -
      • -
      • SHA Functions: SHA-256, SHA-384
        • -
      • -
    • -
-

Prerequisite: SHS #4010, HMAC #3268

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507

-

Version 10.0.15254

    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506

-

Version 10.0.15254

    -
  • RSADP:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • -

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505

-

Version 10.0.15254

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504

-

Version 10.0.15254

    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

-

Version 10.0.16299

    -
  • RSADP:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

-

Version 10.0.16299

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

-

Version 10.0.16299

    -
  • ECDSA SigGen:
    • -
    • -
    • P-256 SHA: SHA-256
      • -
    • P-384 SHA: SHA-384
      • -
    • P-521 SHA: SHA-512
      • -
    • -
-

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

-

Version 10.0.16299

    -
  • RSADP:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

-

Version 10.0.16299

-

 

    -
  • RSASP1:
    • -
    • -
    • Modulus Size: 2048 (bits)
      • -
    • Padding Algorithms: PKCS 1.5
      • -
    • -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

-

Version 10.0.16299

    -
  • IKEv1:
    • -
    • -
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • -
    • Pre-shared Key Length: 64-2048
      • -
    • Diffie-Hellman shared secrets:
      • -
      • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 2048 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 256 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 384 (bits)
          • -
        • SHA Functions: SHA-384
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, HMAC #3267

-
    -
  • IKEv2:
    • -
    • -
    • Derived Keying Material length: 192-1792
      • -
    • Diffie-Hellman shared secrets:
      • -
      • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 2048 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 256 (bits)
          • -
        • SHA Functions: SHA-256
          • -
        • -
      • Diffie-Hellman shared secret:
        • -
        • -
        • Length: 384 (bits)
          • -
        • SHA Functions: SHA-384
          • -
        • -
      • -
    • -
-

Prerequisite: SHS #4009, HMAC #3267

-
    -
  • TLS:
    • -
    • -
    • Supports TLS 1.0/1.1
      • -
    • Supports TLS 1.2:
      • -
      • -
      • SHA Functions: SHA-256, SHA-384
        • -
      • -
    • -
-

Prerequisite: SHS #4009, HMAC #3267

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

-

Version 10.0.16299

FIPS186-4 ECDSA

-

Signature Generation of hash sized messages

-

ECDSA SigGen Component: CURVES( P-256 P-384 P-521 )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
-Version 10.0. 15063

-

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
-Version 10.0. 15063

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
-Version 10.0.14393

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
-Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
-Version 10.0.10586

-

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
-Version 6.3.9600

FIPS186-4 RSA; PKCS#1 v2.1

-

RSASP1 Signature Primitive

-

RSASP1: (Mod2048: PKCS1.5 PKCSPSS)

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
-Version 10.0.15063

-

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
-Version 10.0.15063

-

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
-Version 10.0.15063

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
-Version 10.0.14393

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
-Version 10.0.14393

-

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
-Version 10.0.10586

-

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
-Version  10.0.10240

-

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
-Version 6.3.9600

FIPS186-4 RSA; RSADP

-

RSADP Primitive

-

RSADP: (Mod2048)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
-Version 10.0.15063

-

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
-Version 10.0.15063

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
-Version 10.0.14393

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
-Version 10.0.14393

-

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
-Version 10.0.10586

-

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
-Version  10.0.10240

SP800-135

-

Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

-

Version 10.0.16299

-

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
-Version 10.0.15063

-

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
-Version 7.00.2872

-

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
-Version 8.00.6246

-

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
-Version 10.0.14393

-

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
-Version 10.0.10586

-

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
-Version  10.0.10240

-

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
-Version 6.3.9600

- - -## References - -\[[FIPS 140](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)\] - FIPS 140-2, Security Requirements for Cryptographic Modules - -\[[FIPS FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)\] - Cryptographic Module Validation Program (CMVP) FAQ - -\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised) - -\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths - -## Additional Microsoft References - -Enabling FIPS mode - - -Cipher Suites in Schannel - [https://msdn.microsoft.com/library/aa374757(VS.85).aspx](https://msdn.microsoft.com/library/aa374757\(vs.85\).aspx) - +--- +title: FIPS 140 Validation +description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. +ms.prod: w10 +audience: ITPro +author: dulcemontemayor +ms.author: dansimp +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium +ms.date: 11/05/2019 +ms.reviewer: +--- + +# FIPS 140-2 Validation + +## FIPS 140-2 standard overview + +The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996. + +The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. + +## Microsoft’s approach to FIPS 140-2 validation + +Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. + +## Using Windows in a FIPS 140-2 approved mode of operation + +Windows 10 and Windows server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.” Achieving this mode of operation requires administrators to complete all four steps outlined below. + +### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed + +Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release. + +### Step 2: Ensure all security policies for all cryptographic modules are followed + +Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic. Click on the module version number to view the published SPD for the module. + +### Step 3: Enable the FIPS security policy + +Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). + +### Step 4: Ensure only FIPS validated cryptographic algorithms are used + +Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting. To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules. If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode. + +## Frequently asked questions + +### How long does it take to certify cryptographic modules? + +Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors. + +### When does Microsoft undertake a FIPS 140 validation? + +The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules. + +### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? + +“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. + +### I need to know if a Windows service or application is FIPS 140-2 validated. + +The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions. For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. + +### What does "When operated in FIPS mode" mean on a certificate? + +This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. + +### What is the relationship between FIPS 140-2 and Common Criteria? + +These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. + +### How does FIPS 140 relate to Suite B? + +Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard. + +## Microsoft FIPS 140-2 validated cryptographic modules + +The following tables identify the cryptographic modules used in an operating system, organized by release. + +## Modules used by Windows + +##### Windows 10 Spring 2018 Update (Version 1803) + +Validated Editions: Home, Pro, Enterprise, Education + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.17134#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.17134#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.17134#3195See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.17134#3480See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.17134#3096See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.17134#3092See Security Policy and Certificate page for algorithm information
Boot Manager10.0.17134#3089See Security Policy and Certificate page for algorithm information
+ +##### Windows 10 Fall Creators Update (Version 1709) + +Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.16299#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.16299#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.16299#3195See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.16299#3194See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.16299#3096See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.16299#3092See Security Policy and Certificate page for algorithm information
Windows Resume10.0.16299#3091See Security Policy and Certificate page for algorithm information
Boot Manager10.0.16299#3089See Security Policy and Certificate page for algorithm information
+ +##### Windows 10 Creators Update (Version 1703) + +Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.15063#3095

FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.15063#3094

#3094

+

FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)

Boot Manager10.0.15063#3089

FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

+

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader10.0.15063#3090

FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

+

Other algorithms: NDRNG

Windows Resume[1]10.0.15063#3091FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
BitLocker® Dump Filter[2]10.0.15063#3092FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
Code Integrity (ci.dll)10.0.15063#3093

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3]10.0.15063#3096

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

+ + +\[1\] Applies only to Home, Pro, Enterprise, Education and S + +\[2\] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub + +\[3\] Applies only to Pro, Enterprise Education and S + +##### Windows 10 Anniversary Update (Version 1607) + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.14393#2937

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.14393#2936

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

Boot Manager10.0.14393#2931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload)10.0.14393#2932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)[1]10.0.14393#2933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[2]10.0.14393#2934FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll)10.0.14393#2935

FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: AES (non-compliant); MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

Secure Kernel Code Integrity (skci.dll)[3]10.0.14393#2938

FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
+Other algorithms: MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

+ + +\[1\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[2\] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile + +\[3\] Applies only to Pro, Enterprise and Enterprise LTSB + +##### Windows 10 November 2015 Update (Version 1511) + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10586#2606

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10586#2605

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

Boot Manager[4]10.0.10586#2700FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[5]10.0.10586#2701FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[6]10.0.10586#2702FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[7]10.0.10586#2703FIPS Approved algorithms: AES (Certs. #3653)
Code Integrity (ci.dll)10.0.10586#2604

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
+Other algorithms: AES (non-compliant); MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

Secure Kernel Code Integrity (skci.dll)[8]10.0.10586#2607

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
+Other algorithms: MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

+ + +\[4\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub + +\[5\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub + +\[6\] Applies only to Home, Pro and Enterprise + +\[7\] Applies only to Pro, Enterprise, Mobile and Surface Hub + +\[8\] Applies only to Enterprise and Enterprise LTSB + +##### Windows 10 (Version 1507) + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10240#2606

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10240#2605

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

Boot Manager[9]10.0.10240#2600FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[10]10.0.10240#2601FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[11]10.0.10240#2602FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[12]10.0.10240#2603FIPS Approved algorithms: AES (Certs. #3497 and #3498)
Code Integrity (ci.dll)10.0.10240#2604

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
+Other algorithms: AES (non-compliant); MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

Secure Kernel Code Integrity (skci.dll)[13]10.0.10240#2607

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
+Other algorithms: MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

+ + +\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[12\] Applies only to Pro, Enterprise and Enterprise LTSB + +\[13\] Applies only to Enterprise and Enterprise LTSB + +##### Windows 8.1 + +Validated Editions: RT, Pro, Enterprise, Phone, Embedded + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.17031#2357

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.17042#2356

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager6.3.9600 6.3.9600.17031#2351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.17031#2352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[14]6.3.9600 6.3.9600.17031#2353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)6.3.9600 6.3.9600.17031#2354FIPS Approved algorithms: AES (Cert. #2832)
+
+Other algorithms: N/A
Code Integrity (ci.dll)6.3.9600 6.3.9600.17031#2355#2355

FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
+Other algorithms: MD5

+

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

+ + +\[14\] Applies only to Pro, Enterprise, and Embedded 8. + +##### Windows 8 + +Validated Editions: RT, Home, Pro, Enterprise, Phone + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.9200#1892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+
Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.9200#1891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.2.9200#1895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD)6.2.9200#1896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)[15]6.2.9200#1898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS)6.2.9200#1899FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+
+Other algorithms: N/A
Code Integrity (CI.DLL)6.2.9200#1897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.9200#1893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)6.2.9200#1894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +\[15\] Applies only to Home and Pro + +**Windows 7** + +Validated Editions: Windows 7, Windows 7 SP1 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)

6.1.7600.16385

+

6.1.7601.17514

1329FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Kernel Mode Cryptographic Primitives Library (cng.sys)

6.1.7600.16385

+

6.1.7600.16915

+

6.1.7600.21092

+

6.1.7601.17514

+

6.1.7601.17725

+

6.1.7601.17919

+

6.1.7601.21861

+

6.1.7601.22076

1328FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Boot Manager

6.1.7600.16385

+

6.1.7601.17514

1319FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )
+
+Other algorithms: MD5
Winload OS Loader (winload.exe)

6.1.7600.16385

+

6.1.7600.16757

+

6.1.7600.20897

+

6.1.7600.20916

+

6.1.7601.17514

+

6.1.7601.17556

+

6.1.7601.21655

+

6.1.7601.21675

1326FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5
BitLocker™ Drive Encryption

6.1.7600.16385

+

6.1.7600.16429

+

6.1.7600.16757

+

6.1.7600.20536

+

6.1.7600.20873

+

6.1.7600.20897

+

6.1.7600.20916

+

6.1.7601.17514

+

6.1.7601.17556

+

6.1.7601.21634

+

6.1.7601.21655

+

6.1.7601.21675

1332FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+
+Other algorithms: Elephant Diffuser
Code Integrity (CI.DLL)

6.1.7600.16385

+

6.1.7600.17122

+

6.1.7600.21320

+

6.1.7601.17514

+

6.1.7601.17950

+

6.1.7601.22108

1327FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.1.7600.16385
+(no change in SP1)		1331FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH.DLL)6.1.7600.16385
+(no change in SP1)		1330FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +##### Windows Vista SP1 + +Validated Editions: Ultimate Edition + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.0.6001.18000 and 6.0.6002.18005978FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596979FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
+
+Other algorithms: MD5
Code Integrity (ci.dll)6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005980FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
+
+Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228691000

FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228721001

FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.180051002

FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051003

FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

+

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

+ + +##### Windows Vista + +Validated Editions: Ultimate Edition + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider (RSAENH)6.0.6000.16386893FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6000.16386894FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption6.0.6000.16386947FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
+
+Other algorithms: Elephant Diffuser
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067891FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+
+Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
+ + +##### Windows XP SP3 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.1.2600.5512997

FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

+

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.1.2600.5507990

FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH)5.1.2600.5507989

FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

+

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

+ + +##### Windows XP SP2 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
DSS/Diffie-Hellman Enhanced Cryptographic Provider5.1.2600.2133240

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

+

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider5.1.2600.2161238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

+ + +##### Windows XP SP1 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Microsoft Enhanced Cryptographic Provider5.1.2600.1029238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

+ + +##### Windows XP + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module5.1.2600.0241

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

+

Other algorithms: DES (Cert. #89)

+ + +##### Windows 2000 SP3 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2195.3665 [SP3])

+

(Base: 5.0.2195.3839 [SP3])

+

(DSS/DH Enh: 5.0.2195.3665 [SP3])

+

(Enh: 5.0.2195.3839 [SP3]

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

+ + +##### Windows 2000 SP2 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS:

+

5.0.2195.2228 [SP2])

+

(Base:

+

5.0.2195.2228 [SP2])

+

(DSS/DH Enh:

+

5.0.2195.2228 [SP2])

+

(Enh:

+

5.0.2195.2228 [SP2])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

+ + +##### Windows 2000 SP1 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2150.1391 [SP1])

+

(Base: 5.0.2150.1391 [SP1])

+

(DSS/DH Enh: 5.0.2150.1391 [SP1])

+

(Enh: 5.0.2150.1391 [SP1])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

+ + +##### Windows 2000 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.2150.176

FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

+ + +##### Windows 95 and Windows 98 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.1877.6 and 5.0.1877.775

FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

+

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

+ + +##### Windows NT 4.0 + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base Cryptographic Provider5.0.1877.6 and 5.0.1877.768FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
+
+Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
+ +## Modules used by Windows Server + +##### Windows Server (Version 1803) + +Validated Editions: Standard, Datacenter + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.17134#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.17134#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.17134#3195See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.17134#3480See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.17134#3096See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.17134#3092See Security Policy and Certificate page for algorithm information
Boot Manager10.0.17134#3089See Security Policy and Certificate page for algorithm information
+ +##### Windows Server (Version 1709) + +Validated Editions: Standard, Datacenter + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.16299#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.16299#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.16299#3195See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.16299#3194See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.16299#3096See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.16299#3092See Security Policy and Certificate page for algorithm information
Windows Resume10.0.16299#3091See Security Policy and Certificate page for algorithm information
Boot Manager10.0.16299#3089See Security Policy and Certificate page for algorithm information
+ +##### Windows Server 2016 + +Validated Editions: Standard, Datacenter, Storage Server + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.143932937FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.143932936FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager10.0.143932931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload)10.0.143932932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)10.0.143932933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)10.0.143932934FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll)10.0.143932935FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: AES (non-compliant); MD5
Secure Kernel Code Integrity (skci.dll)10.0.143932938FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
+Other algorithms: MD5
+ + +##### Windows Server 2012 R2 + +Validated Editions: Server, Storage Server, + +**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.170312357FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.170422356FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.3.9600 6.3.9600.170312351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.170312352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[16]6.3.9600 6.3.9600.170312353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[17]6.3.9600 6.3.9600.170312354FIPS Approved algorithms: AES (Cert. #2832)
+
+Other algorithms: N/A
Code Integrity (ci.dll)6.3.9600 6.3.9600.170312355FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
+Other algorithms: MD5
+ + +\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** + +\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** + +**Windows Server 2012** + +Validated Editions: Server, Storage Server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.92001892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.92001891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.2.92001895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD)6.2.92001896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)6.2.92001898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS)6.2.92001899FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+
+Other algorithms: N/A
Code Integrity (CI.DLL)6.2.92001897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.92001893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)6.2.92001894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +##### Windows Server 2008 R2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.175141321FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5
Winload OS Loader (winload.exe)6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216751333FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5
Code Integrity (ci.dll)6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221081334FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5
Kernel Mode Cryptographic Primitives Library (cng.sys)6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220761335FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Cryptographic Primitives Library (bcryptprimitives.dll)66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.175141336FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
Enhanced Cryptographic Provider (RSAENH)6.1.7600.163851337FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.1.7600.163851338FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216751339FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+
+Other algorithms: Elephant Diffuser
+ + +##### Windows Server 2008 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224971004FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: N/A
Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225961005FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: MD5
Code Integrity (ci.dll)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051006FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228691007FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228721008FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051009FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+
+-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.180051010FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +##### Windows Server 2003 SP2 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.3959875

FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.3959869

FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

+

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH)5.2.3790.3959868

FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

+

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+ + +##### Windows Server 2003 SP1 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.1830 [SP1]405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH)5.2.3790.1830 [Service Pack 1])382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.1830 [Service Pack 1]381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

+

[1] x86
+[2] SP1 x86, x64, IA64

+ + +##### Windows Server 2003 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.0405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH)5.2.3790.0382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.0381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

+

[1] x86
+[2] SP1 x86, x64, IA64

+ + +#### Other Products + +##### Windows Embedded Compact 7 and Windows Embedded Compact 8 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider7.00.2872 [1] and 8.00.6246 [2]2957

FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

+

Allowed algorithms: HMAC-MD5; MD5; NDRNG

Cryptographic Primitives Library (bcrypt.dll)7.00.2872 [1] and 8.00.6246 [2]2956

FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

+

Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

+ + + +##### Windows CE 6.0 and Windows Embedded Compact 7 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider6.00.1937 [1] and 7.00.1687 [2]825

FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

+

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

+ + +##### Outlook Cryptographic Provider + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Outlook Cryptographic Provider (EXCHCSP)SR-1A (3821)SR-1A (3821)110

FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

+ + + +### Cryptographic Algorithms + +The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate. + +### Advanced Encryption Standard (AES) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-OFB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +

Microsoft Surface Hub Virtual TPM Implementations #4904

+

Version 10.0.15063.674

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-OFB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

+

Version 10.0.16299

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CCM:
    • +
    • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • +
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • +
    • Plain Text Length: 0-32
      • +
    • AAD Length: 0-65536
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CMAC:
    • +
    • +
    • Generation:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • Verification:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-GCM:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • +
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • 96 bit IV supported
      • +
    • +
  • AES-XTS:
    • +
    • +
    • Key Size: 128:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • Key Size: 256:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902

+

Version 10.0.15063.674

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CCM:
    • +
    • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • +
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • +
    • Plain Text Length: 0-32
      • +
    • AAD Length: 0-65536
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CMAC:
    • +
    • +
    • Generation:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • Verification:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-GCM:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • +
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • 96 bit IV supported
      • +
    • +
  • AES-XTS:
    • +
    • +
    • Key Size: 128:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • Key Size: 256:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901

+

Version 10.0.15254

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CCM:
    • +
    • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • +
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • +
    • Plain Text Length: 0-32
      • +
    • AAD Length: 0-65536
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CMAC:
    • +
    • +
    • Generation:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • Verification:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-GCM:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • IV Generation: External
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • +
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • 96 bit IV supported
      • +
    • +
  • AES-XTS:
    • +
    • +
    • Key Size: 128:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • Key Size: 256:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

+

Version 10.0.16299

AES-KW:

+
    +
  • Modes: Decrypt, Encrypt
    • +
  • CIPHK transformation direction: Forward
    • +
  • Key Lengths: 128, 192, 256 (bits)
    • +
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • +
+

AES Val#4902

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900

+

Version 10.0.15063.674

AES-KW:

+
    +
  • Modes: Decrypt, Encrypt
    • +
  • CIPHK transformation direction: Forward
    • +
  • Key Lengths: 128, 192, 256 (bits)
    • +
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • +
+

AES Val#4901

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899

+

Version 10.0.15254

AES-KW:

+
    +
  • Modes: Decrypt, Encrypt
    • +
  • CIPHK transformation direction: Forward
    • +
  • Key Lengths: 128, 192, 256 (bits)
    • +
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • +
+

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

+

Version 10.0.16299

AES-CCM:

+
    +
  • Key Lengths: 256 (bits)
    • +
  • Tag Lengths: 128 (bits)
    • +
  • IV Lengths: 96 (bits)
    • +
  • Plain Text Length: 0-32
    • +
  • AAD Length: 0-65536
    • +
+

AES Val#4902

Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

+

Version 10.0.15063.674

AES-CCM:

+
    +
  • Key Lengths: 256 (bits)
    • +
  • Tag Lengths: 128 (bits)
    • +
  • IV Lengths: 96 (bits)
    • +
  • Plain Text Length: 0-32
    • +
  • AAD Length: 0-65536
    • +
+

AES Val#4901

Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

+

Version 10.0.15254

AES-CCM:

+
    +
  • Key Lengths: 256 (bits)
    • +
  • Tag Lengths: 128 (bits)
    • +
  • IV Lengths: 96 (bits)
    • +
  • Plain Text Length: 0-32
    • +
  • AAD Length: 0-65536
    • +
+

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

+

Version 10.0.16299

CBC ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

OFB ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627

+

Version 10.0.15063

KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

+

AES Val#4624

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

+

Version 10.0.15063

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#4624

+

 

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

+

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

+

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

+

IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported

+

GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

+

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434

+

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433

+

Version 8.00.6246

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431

+

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430

+

Version 8.00.6246

CBC ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

OFB ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

+

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

+

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
+Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )

+

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

+

Version 10.0.14393

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

+

Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

+

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

+

Version 10.0.10586

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

+

Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
+Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
+
+

+

Version 10.0.10586

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

+

AES Val#3497

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

+

Version 10.0.10240

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#3497

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

+

Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
+Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
+Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853

+

Version 6.3.9600

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#2832

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

+

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

+

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

+

IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;
+OtherIVLen_Supported
+GMAC_Supported

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

+

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+AES Val#2197

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
+AES Val#2197

+

GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
+GMAC_Supported

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#2196

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+AES Val#1168

Windows Server 2008 R2 and SP1 CNG algorithms #1187

+

Windows 7 Ultimate and SP1 CNG algorithms #1178

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
+AES Val#1168		Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168

GCM

+

GMAC

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed
CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

Windows Server 2008 CNG algorithms #757

+

Windows Vista Ultimate SP1 CNG algorithms #756

CBC ( e/d; 128 , 256 );

+

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

Windows Vista Ultimate BitLocker Drive Encryption #715

+

Windows Vista Ultimate BitLocker Drive Encryption #424

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

+

Windows Vista Symmetric Algorithm Implementation #553

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

+

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781

+

Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548

+

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516

+

Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507

+

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290

+

Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224

+

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80

+

Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33

+ + +Deterministic Random Bit Generator (DRBG) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function not used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4904

Microsoft Surface Hub Virtual TPM Implementations #1734

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function not used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4903

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

+

Version 10.0.16299

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4902

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4901

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731

+

Version 10.0.15254

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

+

Version 10.0.16299

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ]

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

+

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ]

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

+

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

+

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

+

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

+

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

+

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

+

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

+

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ]

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

+

Version 10.0.10586

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ]

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

+

Version 10.0.10240

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ]

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

+

Version 6.3.9600

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ]Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ]Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
DRBG (SP 800–90)Windows Vista Ultimate SP1, vendor-affirmed
+ + +#### Digital Signature Algorithm (DSA) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • DSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • PQGGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • PQGVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • KeyPair:
        • +
        • +
        • L = 2048, N = 256
          • +
        • L = 3072, N = 256
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303

+

Version 10.0.15063.674

    +
  • DSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • PQGGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • PQGVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • KeyPair:
        • +
        • +
        •  
          • +
        •  
          • +
        • L = 2048, N = 256
          • +
        • L = 3072, N = 256
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302

+

Version 10.0.15254

    +
  • DSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • PQGGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • PQGVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • KeyPair:
        • +
        • +
        • L = 2048, N = 256
          • +
        • L = 3072, N = 256
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

+

Version 10.0.16299

FIPS186-4:

+

PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]

+

PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

KeyPairGen:   [ (2048,256) ; (3072,256) ]

+

SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]

+

SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val#3790

+

DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223

+

Version 10.0.15063

FIPS186-4:
+PQG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SHS: Val# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

+

Version 7.00.2872

FIPS186-4:
+PQG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SHS: Val#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

+

Version 8.00.6246

FIPS186-4:
+PQG(gen)PARMS TESTED: [
+(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen:    [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED:   [ (2048,256)
+SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 3347
+DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098

+

Version 10.0.14393

FIPS186-4:
+PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
+KeyPairGen:    [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 3047
+DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024

+

Version 10.0.10586

FIPS186-4:
+PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen:    [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 2886
+DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

+

Version 10.0.10240

FIPS186-4:
+PQG(gen)PARMS TESTED:   [
+(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED:   [ (2048,256)
+SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen:    [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 2373
+DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

+

Version 6.3.9600

FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: #1903
+DRBG: #258

+

FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: #1903
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: #1902
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1773
+DRBG: Val# 193
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1081
+DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

Windows Server 2008 R2 and SP1 CNG algorithms #391

+

Windows 7 Ultimate and SP1 CNG algorithms #386

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1081
+RNG: Val# 649
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

+

Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

Windows Server 2008 CNG algorithms #284

+

Windows Vista Ultimate SP1 CNG algorithms #283

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 753
+RNG: Val# 435
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

Windows Server 2008 Enhanced DSS (DSSENH) #282

+

Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 618
+RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

Windows Vista CNG algorithms #227

+

Windows Vista Enhanced DSS (DSSENH) #226

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 784
+RNG: Val# 448
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.		Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 783
+RNG: Val# 447
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 611
+RNG: Val# 314		Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 385		Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
FIPS186-2:
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 181
+
+		Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SHS: SHA-1 (BYTE)
+SIG(ver) MOD(1024);
+SHS: SHA-1 (BYTE)

Windows 2000 DSSENH.DLL #29

+

Windows 2000 DSSBASE.DLL #28

+

Windows NT 4 SP6 DSSENH.DLL #26

+

Windows NT 4 SP6 DSSBASE.DLL #25

FIPS186-2: PRIME;
+FIPS186-2:

+

KEYGEN(Y):
+SHS: SHA-1 (BYTE)

+

SIG(gen):
+SIG(ver) MOD(1024);
+SHS: SHA-1 (BYTE)

Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17
+ + +#### Elliptic Curve Digital Signature Algorithm (ECDSA) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #2373, DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

+

Version 6.3.9600

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384
          • +
        • Generation Methods: Testing Candidates
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #1253

+

Version 10.0.15063.674

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384
          • +
        • Generation Methods: Testing Candidates
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

+

Version 10.0.16299

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1251

+

Version 10.0.15063.674

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250

+

Version 10.0.15063.674

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249

+

Version 10.0.15254

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248

+

Version 10.0.15254

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

+

Version 10.0.16299

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

+

Version 10.0.16299

FIPS186-4:
+PKG: CURVES( P-256 P-384 TestingCandidates )
+SHS: Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

+

Version 10.0.15063

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135

+

Version 10.0.15063

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

+

Version 10.0.15063

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
+SHS:Val# 3649
+DRBG:Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073

+

Version 7.00.2872

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
+SHS:Val#3648
+DRBG:Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

+

Version 8.00.6246

FIPS186-4:
+PKG: CURVES( P-256 P-384 TestingCandidates )
+PKV: CURVES( P-256 P-384 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )

+

SHS: Val# 3347
+DRBG: Val# 1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

+

Version 10.0.14393

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val# 3347
+DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911

+

Version 10.0.14393

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val# 3047
+DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

+

Version 10.0.10586

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val# 2886
+DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

+

Version 10.0.10240

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val#2373
+DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

+

Version 6.3.9600

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: #1903
+DRBG: #258
+SIG(ver):CURVES( P-256 P-384 P-521 )
+SHS: #1903
+DRBG: #258

+

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: #1903
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1773
+DRBG: Val# 193
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1773
+DRBG: Val# 193

+

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#1773
+DRBG: Val# 193
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

Windows Server 2008 R2 and SP1 CNG algorithms #142

+

Windows 7 Ultimate and SP1 CNG algorithms #141

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

Windows Server 2008 CNG algorithms #83

+

Windows Vista Ultimate SP1 CNG algorithms #82

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.		Windows Vista CNG algorithms #60
+ + +#### Keyed-Hash Message Authentication Code (HMAC) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4011

Microsoft Surface Hub Virtual TPM Implementations #3271

+

Version 10.0.15063.674

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

+

Version 10.0.16299

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-512:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4011

Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269

+

Version 10.0.15063.674

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-512:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4010

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268

+

Version 10.0.15254

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-512:
    • +
    • +
    • Key Sizes &lt; Block Size
      • +
    • Key Sizes &gt; Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

+

Version 10.0.16299

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

+

Version 10.0.15063

HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

+

Version 10.0.15063

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

+

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

+

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

+

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

+

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHS Val# 3347

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3347

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

+

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

+

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHS Val# 3047

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3047

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3047

+

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

+

Version 10.0.10586

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHSVal# 2886

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHSVal# 2886

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+ SHSVal# 2886

+

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
+SHSVal# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

+

Version 10.0.10240

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHS Val#2373

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHS Val#2373

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+SHS Val#2373

+

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
+SHS Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

+

Version 6.3.9600

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

+

Version 5.2.29344

HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902

+

HMAC-SHA256 ( Key Size Ranges Tested: KS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )

+

SHS#1903

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )

+

SHS#1903

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS )

+

SHS#1903

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )

+

SHS#1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

+

Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

Windows Server 2008 R2 and SP1 CNG algorithms #686

+

Windows 7 and SP1 CNG algorithms #677

+

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

+

Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753

Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

+

Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

+

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753

Windows Server 2008 CNG algorithms #413

+

Windows Vista Ultimate SP1 CNG algorithms #412

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737

Windows Vista Ultimate BitLocker Drive Encryption #386

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista CNG algorithms #298

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578

Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495

Windows Vista BitLocker Drive Encryption #199
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

+

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
+ + +#### Key Agreement Scheme (KAS) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Full Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #150

+

Version 10.0.15063.674

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Full Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

+

Version 10.0.16299

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Ephemeral Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • One Pass DH:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • Static Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732

+
    +
  • KAS FFC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • +
    • Schemes:
      • +
      • +
      • dhEphem:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhOneFlow:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhStatic:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DSA #1303, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #148

+

Version 10.0.15063.674

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Ephemeral Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • One Pass DH:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • Static Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731

+
    +
  • KAS FFC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • +
    • Schemes:
      • +
      • +
      • dhEphem:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhOneFlow:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhStatic:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DSA #1302, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147

+

Version 10.0.15254

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Ephemeral Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • One Pass DH:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • Static Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730

+
    +
  • KAS FFC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • +
    • Schemes:
      • +
      • +
      • dhEphem:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhOneFlow:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhStatic:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DSA #1301, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

+

Version 10.0.16299

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ]

+

SHS Val#3790
+DSA Val#1135
+DRBG Val#1556

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128

+

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+SHS Val#3790
+DSA Val#1223
+DRBG Val#1555

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS Val#3790
+ECDSA Val#1133
+DRBG Val#1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127

+

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+SHS Val# 3649
+DSA Val#1188
+DRBG Val#1430

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115

+

Version 7.00.2872

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhHybridOneFlow ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+SHS Val#3648
+DSA Val#1187
+DRBG Val#1429

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS Val#3648
+ECDSA Val#1072
+DRBG Val#1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114

+

Version 8.00.6246

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )
+SCHEMES  [ FullUnified  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ]

+

SHS Val# 3347 ECDSA Val#920 DRBG Val#1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

+

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )
+SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val# 3347 DSA Val#1098 DRBG Val#1217

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

+

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val# 3047 DSA Val#1024 DRBG Val#955

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val# 3047 ECDSA Val#760 DRBG Val#955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

+

Version 10.0.10586

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val# 2886 DSA Val#983 DRBG Val#868

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val# 2886 ECDSA Val#706 DRBG Val#868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

+

Version 10.0.10240

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val#2373 DSA Val#855 DRBG Val#489

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val#2373 ECDSA Val#505 DRBG Val#489

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

+

Version 6.3.9600

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS #1903 DSA Val#687 DRBG #258

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
+[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS #1903 ECDSA Val#341 DRBG #258

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36

KAS (SP 800–56A)

+

key agreement

+

key establishment methodology provides 80 to 256 bits of encryption strength

Windows 7 and SP1, vendor-affirmed

+

Windows Server 2008 R2 and SP1, vendor-affirmed

+ + +SP 800-108 Key-Based Key Derivation Functions (KBKDF) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • Counter:
    • +
    • +
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
      • +
    • +
+

MAC prerequisite: HMAC #3271

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: DRBG #1734, KAS #150

Microsoft Surface Hub Virtual TPM Implementations #161

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
      • +
    • +
+

MAC prerequisite: HMAC #3270

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: DRBG #1733, KAS #149

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

+

Version 10.0.16299

    +
  • Counter:
    • +
    • +
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • +
    • +
+

MAC prerequisite: AES #4902, HMAC #3269

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
  • K prerequisite: KAS #148
    • +
+

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • +
    • +
+

MAC prerequisite: AES #4901, HMAC #3268

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: KAS #147

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158

+

Version 10.0.15254

    +
  • Counter:
    • +
    • +
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • +
    • +
+

MAC prerequisite: AES #4897, HMAC #3267

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: KAS #146

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

+

Version 10.0.16299

CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+
+KAS Val#128
+DRBG Val#1556
+MAC Val#3062

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141

+

Version 10.0.15063

CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+
+KAS Val#127
+AES Val#4624
+DRBG Val#1555
+MAC Val#3061

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140

+

Version 10.0.15063

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#93 DRBG Val#1222 MAC Val#2661

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

+

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

+

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

+

Version 10.0.10586

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

+

Version 10.0.10240

CTR_Mode:  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

DRBG Val#489 MAC Val#1773

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

+

Version 6.3.9600

CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

DRBG #258 HMAC Val#1345

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
+ + +Random Number Generator (RNG) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #

FIPS 186-2 General Purpose

+

[ (x-Original); (SHA-1) ]

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
FIPS 186-2
+[ (x-Original); (SHA-1) ]

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

+

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

+

Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

+

Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66

FIPS 186-2
+[ (x-Change Notice); (SHA-1) ]

+

FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ]

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

+

Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

+

Windows Vista RNG implementation #321

FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ]

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

+

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

+

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316

+

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313

FIPS 186-2
+[ (x-Change Notice); (SHA-1) ]

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

+

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314

+ + +#### RSA + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #2677

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 240 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676

+

Version 10.0.16299

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub RSA32 Algorithm Implementations #2675

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

+

Version 10.0.16299

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673

+

Version 10.0.15254

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Public Key Exponent: Fixed (10001)
        • +
      • Provable Primes with Conditions:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.3
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #2672

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Probable Random Primes:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.2
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Probable Random Primes:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.2
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670

+

Version 10.0.15254

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Public Key Exponent: Fixed (10001)
        • +
      • Provable Primes with Conditions:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.3
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669

+

Version 10.0.15254

    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Public Key Exponent: Fixed (10001)
        • +
      • Provable Primes with Conditions:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.3
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

+

Version 10.0.16299

    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Probable Random Primes:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.2
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

+

Version 10.0.16299

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
+SHA Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

+

Version 10.0.15063

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

+

Version 10.0.15063

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522

+

Version 10.0.15063

FIPS186-4:
+186-4KEY(gen):
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

+

Version 10.0.15063

FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

+

FIPS186-4:
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
+SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

+

Version 7.00.2872

FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

+

FIPS186-4:
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
+SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

+

Version 8.00.6246

FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649

+

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val# 3649
+DRBG: Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412

+

Version 7.00.2872

FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

+

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3648
+DRBG: Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

+

Version 8.00.6246

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))

+

SHA Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

+

Version 10.0.14393

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

+

Version 10.0.14393

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#3346

soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

+

Version 10.0.14393

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

+

Version 10.0.14393

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

+

Version 10.0.14393

FIPS186-4:
+186-4KEY(gen):  FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val# 3047 DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

+

Version 10.0.10586

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#3048

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

+

Version 10.0.10586

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

+

Version 10.0.10586

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

+

Version 10.0.10586

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val# 2886 DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

+

Version 10.0.10240

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

+

Version 10.0.10240

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

+

Version 10.0.10240

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

+

Version 10.0.10240

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val#2373 DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

+

Version 6.3.9600

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

+

Version 6.3.9600

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

+

Version 6.3.9600

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

+

Version 6.3.9600

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
+SHA #1903

+

Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA #1903 DRBG: #258		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.		Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.		Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

Windows Server 2008 R2 and SP1 CNG algorithms #567

+

Windows 7 and SP1 CNG algorithms #560

FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.		Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.		Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
FIPS186-2:
+ALG[ANSIX9.31]:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

Windows Server 2008 CNG algorithms #358

+

Windows Vista SP1 CNG algorithms #357

FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

+

Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.		Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.		Windows Vista RSA key generation implementation #258
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.		Windows Vista CNG algorithms #257
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.		Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.		Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]:
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.		Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

FIPS186-2:

+

– PKCS#1 v1.5, signature generation and verification

+

– Mod sizes: 1024, 1536, 2048, 3072, 4096

+

– SHS: SHA–1/256/384/512

Windows XP, vendor-affirmed

+

Windows 2000, vendor-affirmed

+ + +#### Secure Hash Standard (SHS) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • SHA-1:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-256:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-384:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-512:
    • +
    • +
    • Supports Empty Message
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011

+

Version 10.0.15063.674

    +
  • SHA-1:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-256:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-384:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-512:
    • +
    • +
    • Supports Empty Message
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010

+

Version 10.0.15254

    +
  • SHA-1:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-256:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-384:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-512:
    • +
    • +
    • Supports Empty Message
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

+

Version 10.0.16299

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790

+

Version 10.0.15063

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652

+

Version 7.00.2872

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651

+

Version 8.00.6246

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649

+

Version 7.00.2872

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648

+

Version 8.00.6246

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
+Version 10.0.14393
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
+Version 10.0.14393
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
+Version 10.0.10586
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
+Version 10.0.10586
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
+Version 10.0.10240
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
+Version 10.0.10240
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
+Version 6.3.9600
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
+Version 6.3.9600

SHA-1 (BYTE-only)

+

SHA-256 (BYTE-only)

+

SHA-384 (BYTE-only)

+

SHA-512 (BYTE-only)

+

Implementation does not support zero-length (null) messages.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903

+

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774

+

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816

SHA-1 (BYTE-only)

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785

+

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753

+

Windows Vista Symmetric Algorithm Implementation #618

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)

Windows Vista BitLocker Drive Encryption #737

+

Windows Vista Beta 2 BitLocker Drive Encryption #495

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613

+

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364

SHA-1 (BYTE-only)

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611

+

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610

+

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385

+

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371

+

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181

+

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177

+

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589

+

Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578

+

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305

SHA-1 (BYTE-only)

Windows XP Microsoft Enhanced Cryptographic Provider #83

+

Crypto Driver for Windows 2000 (fips.sys) #35

+

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32

+

Windows 2000 RSAENH.DLL #24

+

Windows 2000 RSABASE.DLL #23

+

Windows NT 4 SP6 RSAENH.DLL #21

+

Windows NT 4 SP6 RSABASE.DLL #20

+ + +#### Triple DES + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • TDES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB64:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558

+

Version 10.0.15063.674

    +
  • TDES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB64:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557

+

Version 10.0.15254

    +
  • TDES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB64:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

+

Version 10.0.16299

TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

+

Version 10.0.15063

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

+

Version 8.00.6246

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

+

Version 8.00.6246

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

CTR ( int only )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

+

Version 7.00.2872

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

+

Version 8.00.6246

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
+
+

+

Version 10.0.14393

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
+
+

+

Version 10.0.10586

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
+
+

+

Version 10.0.10240

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

+

Version 6.3.9600

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 ) ;

+

TCFB64( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows Vista Symmetric Algorithm Implementation #549
Triple DES MAC

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed

+

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 )

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308

+

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

+

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677

+

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676

+

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544

+

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543

+

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542

+

Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526

+

Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517

+

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381

+

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370

+

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365

+

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315

+

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201

+

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199

+

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192

+

Windows XP Microsoft Enhanced Cryptographic Provider #81

+

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18

+

Crypto Driver for Windows 2000 (fips.sys) #16

+ + +#### SP 800-132 Password Based Key Derivation Function (PBKDF) + + + + + + + + + + + + + + +
+ Modes / States / Key Sizes + + Algorithm Implementation and Certificate # +
+ PBKDF (vendor affirmed) +

 Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
(Software Version: 10.0.14393)

+

Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

+

Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
(Software Version: 10.0.14393)

+

Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
(Software Version: 10.0.14393)

+
+ PBKDF (vendor affirmed) +

Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

+

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed

+
+ + +#### Component Validation List + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Publication / Component Validated / DescriptionImplementation and Certificate #
    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

+

Version 6.3.9600

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Microsoft Surface Hub Virtual TPM Implementations #1519

+

Version 10.0.15063.674

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

+

Version 10.0.16299

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

+

Version 10.0.15063.674

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Microsoft Surface Hub MsBignum Cryptographic Implementations #1516

+

Version 10.0.15063.674

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

 Prerequisite: DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1515

+

Version 10.0.15063.674

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514

+

Version 10.0.15063.674

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513

+

Version 10.0.15063.674

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512

+

Version 10.0.15063.674

    +
  • IKEv1:
    • +
    • +
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • +
    • Pre-shared Key Length: 64-2048
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, HMAC #3269

+
    +
  • IKEv2:
    • +
    • +
    • Derived Keying Material length: 192-1792
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, HMAC #3269

+
    +
  • TLS:
    • +
    • +
    • Supports TLS 1.0/1.1
      • +
    • Supports TLS 1.2:
      • +
      • +
      • SHA Functions: SHA-256, SHA-384
        • +
      • +
    • +
+

Prerequisite: SHS #4011, HMAC #3269

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511

+

Version 10.0.15063.674

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510

+

Version 10.0.15254

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509

+

Version 10.0.15254

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508

+

Version 10.0.15254

    +
  • IKEv1:
    • +
    • +
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • +
    • Pre-shared Key Length: 64-2048
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, HMAC #3268

+
    +
  • IKEv2:
    • +
    • +
    • Derived Keying Material length: 192-1792
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, HMAC #3268

+
    +
  • TLS:
    • +
    • +
    • Supports TLS 1.0/1.1
      • +
    • Supports TLS 1.2:
      • +
      • +
      • SHA Functions: SHA-256, SHA-384
        • +
      • +
    • +
+

Prerequisite: SHS #4010, HMAC #3268

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507

+

Version 10.0.15254

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506

+

Version 10.0.15254

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505

+

Version 10.0.15254

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504

+

Version 10.0.15254

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

+

Version 10.0.16299

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

+

Version 10.0.16299

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

+

Version 10.0.16299

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

+

Version 10.0.16299

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

+

Version 10.0.16299

+

 

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

+

Version 10.0.16299

    +
  • IKEv1:
    • +
    • +
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • +
    • Pre-shared Key Length: 64-2048
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, HMAC #3267

+
    +
  • IKEv2:
    • +
    • +
    • Derived Keying Material length: 192-1792
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, HMAC #3267

+
    +
  • TLS:
    • +
    • +
    • Supports TLS 1.0/1.1
      • +
    • Supports TLS 1.2:
      • +
      • +
      • SHA Functions: SHA-256, SHA-384
        • +
      • +
    • +
+

Prerequisite: SHS #4009, HMAC #3267

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

+

Version 10.0.16299

FIPS186-4 ECDSA

+

Signature Generation of hash sized messages

+

ECDSA SigGen Component: CURVES( P-256 P-384 P-521 )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
+Version 10.0. 15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
+Version 10.0. 15063

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
+Version 10.0.14393

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
+Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
+Version 10.0.10586

+

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
+Version 6.3.9600

FIPS186-4 RSA; PKCS#1 v2.1

+

RSASP1 Signature Primitive

+

RSASP1: (Mod2048: PKCS1.5 PKCSPSS)

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
+Version 10.0.15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
+Version 10.0.15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
+Version 10.0.15063

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
+Version 10.0.14393

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
+Version 10.0.14393

+

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
+Version 10.0.10586

+

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
+Version  10.0.10240

+

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
+Version 6.3.9600

FIPS186-4 RSA; RSADP

+

RSADP Primitive

+

RSADP: (Mod2048)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
+Version 10.0.15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
+Version 10.0.15063

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
+Version 10.0.14393

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
+Version 10.0.14393

+

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
+Version 10.0.10586

+

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
+Version  10.0.10240

SP800-135

+

Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

+

Version 10.0.16299

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
+Version 10.0.15063

+

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
+Version 7.00.2872

+

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
+Version 8.00.6246

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
+Version 10.0.14393

+

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
+Version 10.0.10586

+

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
+Version  10.0.10240

+

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
+Version 6.3.9600

+ + +## References + +\[[FIPS 140](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)\] - FIPS 140-2, Security Requirements for Cryptographic Modules + +\[[FIPS FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)\] - Cryptographic Module Validation Program (CMVP) FAQ + +\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised) + +\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths \ No newline at end of file From 0d4bd84597d84c0659bcf132abab4cbb8d09c409 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Tue, 5 Nov 2019 17:44:37 -0800 Subject: [PATCH 52/98] CAT Auto Pulish for Windows Release Messages - 20191105172713 (#1508) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20191105153638 (#1507) * Update ReleaseInfo Page overview text (#1504) Updating the release information page overview text --- windows/release-information/index.md | 10 ++++------ ...ues-windows-10-1809-and-windows-server-2019.yml | 2 -- .../release-information/status-windows-10-1507.yml | 10 ++++++++++ ...tus-windows-10-1607-and-windows-server-2016.yml | 10 ++++++++++ .../release-information/status-windows-10-1709.yml | 10 ++++++++++ .../release-information/status-windows-10-1803.yml | 10 ++++++++++ ...tus-windows-10-1809-and-windows-server-2019.yml | 10 ++++++++++ .../release-information/status-windows-10-1903.yml | 14 ++++++++++++-- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++++++ ...atus-windows-8.1-and-windows-server-2012-r2.yml | 10 ++++++++++ .../status-windows-server-2008-sp2.yml | 10 ++++++++++ .../status-windows-server-2012.yml | 10 ++++++++++ 12 files changed, 106 insertions(+), 10 deletions(-) diff --git a/windows/release-information/index.md b/windows/release-information/index.md index 5f7b5e22f9..c6eba252f9 100644 --- a/windows/release-information/index.md +++ b/windows/release-information/index.md @@ -3,7 +3,7 @@ title: Windows 10 - release information description: Learn release information for Windows 10 releases keywords: ["Windows 10", "Windows 10 October 2018 Update"] ms.prod: w10 -layout: LandingPage +layout: LandingPage ms.topic: landing-page ms.mktglfcycl: deploy ms.sitesec: library @@ -11,6 +11,7 @@ author: lizap ms.author: elizapo ms.localizationpriority: high --- + # Windows 10 release information Feature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel. They will be serviced with monthly quality updates for 18 or 30 months from the date of the release, depending on the lifecycle policy. @@ -19,14 +20,11 @@ We recommend that you begin deployment of each Semi-Annual Channel release immed For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853). ->[!NOTE] ->Beginning with Windows 10, version 1903, this page will no longer list Semi-Annual Channel (Targeted) information for version 1903 and future feature updates. Instead, you will find a single entry for each Semi-Annual Channel release. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523). - +> [!NOTE] +> Beginning with Windows 10, version 1903, you will find a [single entry for each SAC release](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).

- - diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index d8ce5f8d4a..fb8c792d7a 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -54,7 +54,6 @@ sections:
Zone transfers over TCP may fail
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

See details >OS Build 17763.475

May 03, 2019
KB4495667Resolved
KB4494441May 14, 2019
10:00 AM PT
Latest cumulative update (KB 4495667) installs automatically
Reports that the optional cumulative update (KB 4495667) installs automatically.

See details >OS Build 17763.475

May 03, 2019
KB4495667Resolved
May 08, 2019
03:37 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

See details >OS Build 17763.437

April 09, 2019
KB4493509Resolved
May 08, 2019
03:30 PM PT -
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application.

See details >OS Build 17763.379

March 12, 2019
KB4489899Resolved
KB4495667May 03, 2019
10:00 AM PT " @@ -140,7 +139,6 @@ sections: text: " -
DetailsOriginating updateStatusHistory
Issue using PXE to start a device from WDS
After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4503327.

Back to top		OS Build 17763.379

March 12, 2019
KB4489899		Resolved
KB4503327		Resolved:
June 11, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
After installing KB4489899, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites
  1. Go to Tools > Internet options > Security.
  2. Within Select a zone to view of change security settings, select Local intranet and then select Enable Protected Mode.
  3. Select Trusted Sites and then select Enable Protected Mode
  4. Select OK.
You must restart the browser after making these changes.

Resolution: This issue is resolved in KB4495667.

Back to top		OS Build 17763.379

March 12, 2019
KB4489899		Resolved
KB4495667		Resolved:
May 03, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index be4512cee7..0e940b2321 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 10240.18368

October 08, 2019
KB4520011		Mitigated External
November 05, 2019
03:36 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 10240.18334

September 23, 2019
KB4522009		Resolved
KB4520011		October 08, 2019
10:00 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -72,6 +73,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		OS Build 10240.18368

October 08, 2019
KB4520011		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index c75ec5b5a9..d3cf6d65f2 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -74,6 +75,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 14393.3274

October 08, 2019
KB4519998		Mitigated External
November 05, 2019
03:36 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 14393.3206

September 23, 2019
KB4522010		Resolved
KB4519998		October 08, 2019
10:00 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		OS Build 14393.3274

October 08, 2019
KB4519998		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 4b805689da..01a0e958ec 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -73,6 +74,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 16299.1451

October 08, 2019
KB4520004		Mitigated External
November 05, 2019
03:36 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Mitigated
October 29, 2019
05:15 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 16299.1392

September 23, 2019
KB4522012		Resolved
KB4520004		October 08, 2019
10:00 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
+ +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		OS Build 16299.1451

October 08, 2019
KB4520004		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: October 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 9f994933b5..4fa63b7381 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -79,6 +80,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 17134.1069

October 08, 2019
KB4520008		Mitigated External
November 05, 2019
03:36 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17134.1006

September 10, 2019
KB4516058		Mitigated
October 29, 2019
05:15 PM PT
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Resolved
KB4519978		October 15, 2019
10:00 AM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved
KB4519978		October 15, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		OS Build 17134.1069

October 08, 2019
KB4520008		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: October 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index e26bde9233..fcc5aa3645 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -81,6 +82,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 17763.805

October 08, 2019
KB4519338		Mitigated External
November 05, 2019
03:36 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17763.737

September 10, 2019
KB4512578		Mitigated
October 29, 2019
05:15 PM PT
Microsoft Defender Advanced Threat Protection might stop running
The Microsoft Defender ATP service might stop running and might fail to send reporting data.

See details >		OS Build 17763.832

October 15, 2019
KB4520062		Investigating
October 18, 2019
04:23 PM PT
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4520062		October 15, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		OS Build 17763.805

October 08, 2019
KB4519338		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: October 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 01ae8568a1..d0dd443d7e 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -73,7 +74,7 @@ sections: - +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 18362.418

October 08, 2019
KB4517389		Mitigated External
November 05, 2019
03:36 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Mitigated
October 29, 2019
05:15 PM PT
Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4501375		June 27, 2019
10:00 AM PT
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters
Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
KB4517389		October 08, 2019
10:00 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 18362.357

September 23, 2019
KB4522016		Resolved
KB4517389		October 08, 2019
10:00 AM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
04:28 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
August 01, 2019
08:44 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
August 01, 2019
06:27 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
KB4505903		August 01, 2019
06:27 PM PT
Intel Audio displays an intcdaud.sys notification
Devices with a range of Intel Display Audio device drivers may experience battery drain.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:47 PM PT
" @@ -85,6 +86,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		OS Build 18362.418

October 08, 2019
KB4517389		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: October 2019 - items: - type: markdown @@ -131,7 +141,7 @@ sections:
Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:
        \"Close other apps, error code: 0XA00F4243.”

To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4501375 and the safeguard hold has been removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4501375Resolved:
June 27, 2019
10:00 AM PT

Opened:
May 21, 2019
07:20 AM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You will need to install a Realtek driver version greater than 1.5.1011.0.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next steps: Microsoft is working with Realtek to release new drivers for all affected system via Windows Update.

October 25, 2019 note This issue was previously grouped with the Qualcomm radio issue, which is now resolved. There is no change to this issue except to remove reference to Qualcomm.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Mitigated
Last updated:
October 25, 2019
04:21 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intermittent loss of Wi-Fi connectivity
Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).
 
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Mitigated External
Last updated:
August 01, 2019
08:44 PM PT

Opened:
May 21, 2019
07:13 AM PT -
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Mitigated
Last updated:
August 01, 2019
06:27 PM PT

Opened:
May 21, 2019
07:28 AM PT +
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Mitigated
KB4505903Last updated:
August 01, 2019
06:27 PM PT

Opened:
May 21, 2019
07:28 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Workaround:
On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

Note We recommend you do not attempt to update your devices until newer device drivers are installed.

Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:22 AM PT " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index e1dbec18dc..1f8aaa76bb 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4519976		Mitigated External
November 05, 2019
03:36 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516048		Resolved
KB4519976		October 08, 2019
10:00 AM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
@@ -72,6 +73,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4519976		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 6b30adb9b0..e0f869f26a 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -73,6 +74,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520005		Mitigated External
November 05, 2019
03:36 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516041		Resolved
KB4520005		October 08, 2019
10:00 AM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019
05:53 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019
02:00 PM PT
+ +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4520005		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 0df1e85294..9e2992e255 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520002		Mitigated External
November 05, 2019
03:36 PM PT
Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.

See details >		September 10, 2019
KB4474419		Resolved
KB4474419		September 23, 2019
10:00 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516030		Resolved
KB4520002		October 08, 2019
10:00 AM PT
@@ -72,6 +73,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4520002		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index e05f9d92b9..560b75a79f 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -73,6 +74,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520007		Mitigated External
November 05, 2019
03:36 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516069		Resolved
KB4520007		October 08, 2019
10:00 AM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019
02:00 PM PT
+ +
DetailsOriginating updateStatusHistory
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4520007		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
+ " + - title: September 2019 - items: - type: markdown From 5894d78c3c8b6bd27a0ab4fd01e20d55a699243b Mon Sep 17 00:00:00 2001 From: Brian Date: Wed, 6 Nov 2019 09:13:29 -0500 Subject: [PATCH 53/98] Minor language change in second sentence Original : when it is not IS use Proposed : when it is not IN use --- windows/configuration/set-up-shared-or-guest-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 139dcce1bb..95cf9806b1 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -36,7 +36,7 @@ It is intended that shared PCs are joined to an Active Directory or Azure Active When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows 10, version 1703, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days. ### Maintenance and sleep -Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not is use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. +Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates. From b22cbe23b940032ee6ea5e4d62f9b31fc2124888 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 6 Nov 2019 10:44:42 -0500 Subject: [PATCH 54/98] Update configure-server-endpoints.md adding space inbtween NOTEs --- .../configure-server-endpoints.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 03653f97f8..45538af5d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -28,7 +28,7 @@ ms.topic: article - Windows Server, 2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink) Microsoft Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Microsoft Defender Security Center console. @@ -43,8 +43,8 @@ The service supports the onboarding of the following servers: For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). ->[!NOTE] ->An Azure Security Center Standard license is required, per node, to enroll Microsoft Defender ATP on a supported Windows Server platform, see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services) +> [!NOTE] +> An Azure Security Center Standard license is required, per node, to enroll Microsoft Defender ATP on a supported Windows Server platform, see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services) ## Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 @@ -73,19 +73,19 @@ You'll need to take the following steps if you choose to onboard servers through - For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients. - >[!NOTE] - >This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. +> [!NOTE] +> This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. - Turn on server monitoring from Microsoft Defender Security Center. - If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). ->[!TIP] +> [!TIP] > After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). ### Configure and update System Center Endpoint Protection clients ->[!IMPORTANT] ->This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2. +> [!IMPORTANT] +> This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2. Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. @@ -141,8 +141,8 @@ Agent Resource | Ports ## Windows Server, version 1803 and Windows Server 2019 To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below. ->[!NOTE] ->The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). +> [!NOTE] +> The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). Supported tools include: - Local script @@ -184,15 +184,15 @@ Microsoft Defender ATP integrates with Azure Security Center to provide a compre The following capabilities are included in this integration: - Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). - >[!NOTE] - > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016. +> [!NOTE] +> Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016. - Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console. - Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach ->[!IMPORTANT] ->- When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default. ->- If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time. +> [!IMPORTANT] +> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default. +> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time. @@ -203,8 +203,8 @@ For other server versions, you have two options to offboard servers from the ser - Uninstall the MMA agent - Remove the Microsoft Defender ATP workspace configuration ->[!NOTE] ->Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months. +> [!NOTE] +> Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months. ### Uninstall servers by uninstalling the MMA agent To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Microsoft Defender ATP. From 3d2365c80984380edbbf684ab2a52f76c3f9bd2f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 6 Nov 2019 09:43:00 -0800 Subject: [PATCH 55/98] spaces and links --- ...endpoint-detection-response-mac-preview.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index e0e7253afa..18f3479e90 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -1,7 +1,6 @@ --- -title: Microsoft Defender ATP for Mac -ms.reviewer: -description: Describes how to install and use Microsoft Defender ATP for Mac. +title: Enable Microsoft Defender ATP Insider Machine +description: Install and use Microsoft Defender ATP for Mac. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -43,7 +42,7 @@ a. Create configuration profile com.microsoft.wdav.plist with the following cont ``` -b. From the JAMF console, navigate to **Computers > Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. +b. From the JAMF console, navigate to  **Computers > Configuration Profiles**, navigate to the configuration profile you'd like to use, then select  **Custom Settings**. c. Create an entry with com.microsoft.wdav as the preference domain and upload the .plist created earlier. @@ -109,9 +108,9 @@ a. Create configuration profile com.microsoft.wdav.plist with the following cont ``` -b. Open **Manage > Device configuration**. Select **Manage > Profiles > Create Profile**. +b. Open  **Manage > Device configuration**. Select  **Manage > Profiles > Create Profile**. -c. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**. +c. Choose a name for the profile. Change  **Platform=macOS**  to  **Profile type=Custom**. Select  **Configure**. d. Save the .plist created earlier as com.microsoft.wdav.xml. @@ -119,9 +118,9 @@ e. Enter com.microsoft.wdav as the custom configuration profile name. f. Open the configuration profile and upload com.microsoft.wdav.xml. This file was created in step 1. -g. Select **OK**. +g. Select  **OK**. -h. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +h. Select  **Manage > Assignments**. In the  **Include**  tab, select  **Assign to All Users & All devices**. >[!WARNING] >You must enter the correct custom configuration profile name, otherwise these preferences will not be recognized by the product. @@ -142,7 +141,7 @@ To verify you are running the correct version, run ‘mdatp --health’ on the m * The required version is 100.72.15 or later. * If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running ‘defaults read com.microsoft.autoupdate2’ from terminal. -* To change update settings use documentation in Update Office for Mac automatically. +* To change update settings use documentation in [Update Office for Mac automatically](https://support.office.com/article/update-office-for-mac-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1). * If you are not using Office for Mac, download and run the AutoUpdate tool. ### A machine still does not appear on Microsoft Defender Security Center @@ -151,4 +150,4 @@ After a successful deployment and onboarding of the correct version, check that * Check that you enabled the early preview flag. In terminal run “mdatp –health” and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”. -If you followed the manual deployment instructions, you were prompted to enable Kernel Extensions. Pay attention to the “System Extension note” in the manual deployment documentation and use the “Manual Deployment” section in the troubleshoot kernel extension documentation. \ No newline at end of file +If you followed the manual deployment instructions, you were prompted to enable Kernel Extensions. Pay attention to the “System Extension note” in the [manual deployment documentation](mac-install-manually.md#application-installation) and use the “Manual Deployment” section in the [troubleshoot kernel extension documentation](mac-support-kext.md#manual-deployment). \ No newline at end of file From 3427cfb7a99247a90831227ffb5540904ed5616d Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 6 Nov 2019 10:43:31 -0800 Subject: [PATCH 56/98] updated edr code --- .../microsoft-defender-atp/mac-resources.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index d8e6a4dfff..ad4bf7ef53 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -94,9 +94,9 @@ Important tasks, such as controlling product settings and triggering on-demand s |Protection |Do a full scan |`mdatp --scan --full` | |Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | |Protection |Request a security intelligence update |`mdatp --definition-update` | -|EDR |Turn on/off EDR preview for Mac |`mdatp --early-preview [true/false]` | -|EDR |Add group tag to machine. EDR tags are used for managing machine groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --set-tag GROUP [name]` | -|EDR |Remove group tag from machine |`mdatp --remove-tag [name]` | +|EDR |Turn on/off EDR preview for Mac |`mdatp --edr --early-preview [true/false]` | +|EDR |Add group tag to machine. EDR tags are used for managing machine groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp --edr --set-tag GROUP [name]` | +|EDR |Remove group tag from machine |`mdatp --edr --remove-tag [name]` | ## Microsoft Defender ATP portal information From e7b48f2ab4adf515f3ece2791cb2f0c4fbdac7e5 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 12:16:47 -0800 Subject: [PATCH 57/98] added EDR for Mac items --- .../microsoft-defender-atp-mac.md | 31 ++++++++++--------- .../microsoft-defender-atp/preview.md | 2 ++ .../whats-new-in-microsoft-defender-atp.md | 3 ++ 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index f073ddf397..8b166a59ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -27,11 +27,14 @@ This topic describes how to install, configure, update, and use Microsoft Defend ## What’s new in the latest release -[What's new](mac-whatsnew.md) +[What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md) -If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**. +[What's new in Microsoft Defender ATP for Mac](mac-whatsnew.md) -To learn how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine, go to [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md) +> [!TIP] +> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**. + +To configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine, see [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md). ## How to install Microsoft Defender ATP for Mac @@ -45,13 +48,13 @@ To learn how to configure a macOS machine running Microsoft Defender ATP to be a There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. -* Third-party management tools: - * [Microsoft Intune-based deployment](mac-install-with-intune.md) - * [JAMF-based deployment](mac-install-with-jamf.md) - * [Other MDM products](mac-install-with-other-mdm.md) +- Third-party management tools: + - [Microsoft Intune-based deployment](mac-install-with-intune.md) + - [JAMF-based deployment](mac-install-with-jamf.md) + - [Other MDM products](mac-install-with-other-mdm.md) -* Command-line tool: - * [Manual deployment](mac-install-manually.md) +- Command-line tool: + - [Manual deployment](mac-install-manually.md) ### System requirements @@ -91,9 +94,9 @@ $ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'http The output from this command should be similar to the following: -> `OK https://x.cp.wd.microsoft.com/api/report` -> -> `OK https://cdn.x.cp.wd.microsoft.com/ping` + `OK https://x.cp.wd.microsoft.com/api/report` + + `OK https://cdn.x.cp.wd.microsoft.com/ping` > [!CAUTION] > We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default. @@ -105,9 +108,7 @@ $ mdatp --connectivity-test ## How to update Microsoft Defender ATP for Mac -Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. - -To read more on how to configure MAU in enterprise environments, refer to [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) +Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) ## How to configure Microsoft Defender ATP for Mac diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 90e4e88018..6d4a1e101e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -42,6 +42,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: +- [Endpoint detection and response for Mac devices](endpoint-detection-response-mac-preview.md). Recently, [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md) released. Expanding on the protection available in Microsoft Defender ATP for Mac, endpoint detection and response capabilities are now in preview. + - [Threat & Vulnerability Management Report inaccuracy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy)
You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy), [software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory#report-inaccuracy), and [discovered vulnerabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses#report-inaccuracy). - [Threat & Vulnerability Management Advanced Hunting Schemas](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table)
You can now use the Threat & Vulnerability Management tables in the Advanced hunting schema to query about software inventory, vulnerability knowledgebase, security configuration assessment, and security configuration knowledgebase. diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index e58d48a928..658a41d9f0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -27,6 +27,9 @@ The following features are generally available (GA) in the latest release of Mic For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection). +## November 2019 + +- [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md)
Microsoft Defender ATP for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices. ([Endpoint detection and response is currently in preview](preview.md).) ## October 2019 From 3be5049af8fc76542e021413d7c53a3d68334fc7 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 12:28:40 -0800 Subject: [PATCH 58/98] EDR for Mac --- .../endpoint-detection-response-mac-preview.md | 4 +++- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 18f3479e90..f04ac11ea7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -19,7 +19,9 @@ ms.topic: conceptual # Enable Microsoft Defender ATP Insider Machine -The following instructions specify how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine. For scale deployment we recommend using Jamf, or Intune. +Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these features, you must set up your Mac machine to be an "Insider" machine. + +This article describes how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine. For scale deployment we recommend using Jamf, or Intune. >[!IMPORTANT] >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 8b166a59ef..c64de21b8c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -34,7 +34,7 @@ This topic describes how to install, configure, update, and use Microsoft Defend > [!TIP] > If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**. -To configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine, see [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md). +To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac machines), configure your macOS machine running Microsoft Defender ATP to be an "Insider" machine. See [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md). ## How to install Microsoft Defender ATP for Mac From bfcc87142bcf8c2ba456fe53391462569b38ef16 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 12:30:47 -0800 Subject: [PATCH 59/98] Update endpoint-detection-response-mac-preview.md --- .../endpoint-detection-response-mac-preview.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index f04ac11ea7..94b0798855 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -19,9 +19,7 @@ ms.topic: conceptual # Enable Microsoft Defender ATP Insider Machine -Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these features, you must set up your Mac machine to be an "Insider" machine. - -This article describes how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine. For scale deployment we recommend using Jamf, or Intune. +Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac machine to be an "Insider" machine as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). >[!IMPORTANT] >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. From 9a92e6e4a666adc505ee2d3e98d4093b9649940a Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 12:35:05 -0800 Subject: [PATCH 60/98] Update TOC.md --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 65f80dda38..d086bdd50a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -321,6 +321,7 @@ #### [Update](microsoft-defender-atp/mac-updates.md) #### [Configure]() ##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md) +##### [Set up your Mac to receive Microsoft Defender ATP preview features](microsoft-defender-atp/endpoint-detection-response-mac-preview.md) ##### [Set preferences](microsoft-defender-atp/mac-preferences.md) ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md) #### [Troubleshoot]() From 95dd21a57f3008908d820cfa36d0ba323be14739 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 12:54:41 -0800 Subject: [PATCH 61/98] fixing insecure link --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index d086bdd50a..65f80dda38 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -321,7 +321,6 @@ #### [Update](microsoft-defender-atp/mac-updates.md) #### [Configure]() ##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md) -##### [Set up your Mac to receive Microsoft Defender ATP preview features](microsoft-defender-atp/endpoint-detection-response-mac-preview.md) ##### [Set preferences](microsoft-defender-atp/mac-preferences.md) ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md) #### [Troubleshoot]() From 4f5f11030907f70e4f7528f7f7b7cc0c3799cc59 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 13:06:07 -0800 Subject: [PATCH 62/98] fixing insecure links --- ThirdPartyNotices | 2 +- mdop/mbam-v25/deploy-mbam.md | 2 +- windows/client-management/troubleshoot-stop-errors.md | 4 ++-- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 2 +- .../hello-for-business/hello-hybrid-key-trust-dirsync.md | 2 +- .../microsoft-defender-atp/api-terms-of-use.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ThirdPartyNotices b/ThirdPartyNotices index a0bd09d68f..faceb5a528 100644 --- a/ThirdPartyNotices +++ b/ThirdPartyNotices @@ -7,7 +7,7 @@ see the [LICENSE](LICENSE) file, and grant you a license to any code in the repo Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. -Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653. +Microsoft's general trademark guidelines can be found at https://go.microsoft.com/fwlink/?LinkID=254653. Privacy information can be found at https://privacy.microsoft.com/en-us/ diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index cc24ad5c89..eefee88047 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -110,7 +110,7 @@ Choose a server that meets the hardware configuration as explained in the [MBAM .NET Framework Environment
Configuration APIs -For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](http://go.microsoft.com/fwlink/?linkid=392271). +For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](https://go.microsoft.com/fwlink/?linkid=392271). The next step is to create the required MBAM users and groups in Active Directory. diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 0c13fc8950..1c5061cc82 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -391,7 +391,7 @@ ANALYSIS_SESSION_ELAPSED_TIME: 8377 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_ndis!ndisqueueioworkitem FAILURE_ID_HASH: {10686423-afa1-4852-ad1b-9324ac44ac96} -FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96 +FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96 Followup: ndiscore --------- ``` @@ -564,7 +564,7 @@ ANALYSIS_SESSION_ELAPSED_TIME: 162bd ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_r_invalid_wwanusbmp!unknown_function FAILURE_ID_HASH: {31e4d053-0758-e43a-06a7-55f69b072cb3} -FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3 +FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3 Followup: MachineOwner --------- diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index cf2079e8e5..cf63fb2c17 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -107,7 +107,7 @@ Federation server proxies are computers that run AD FS software that have been c Use the [Setting of a Federation Proxy](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment. ### Deploy Azure AD Connect -Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771). When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-get-started-custom). Select the **Federation with AD FS** option on the **User sign-in** page. At the **AD FS Farm** page, select the use an existing option and click **Next**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index abb29a0a18..0f5cdfa98a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -27,7 +27,7 @@ ms.reviewer: You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. ## Deploy Azure AD Connect -Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771). > [!NOTE] diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md index e526a20669..1e42b10a63 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md @@ -33,7 +33,7 @@ API calls per connection | 100 | 60 seconds Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file. -Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653. +Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at https://go.microsoft.com/fwlink/?LinkID=254653. Privacy information can be found at https://privacy.microsoft.com/en-us/ Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise. From 29656600ec5ddbb41314d8171e554461d3d30b01 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 13:07:01 -0800 Subject: [PATCH 63/98] fixing insecure links --- .../windows-information-protection/wip-learning.md | 2 +- .../microsoft-defender-atp/onboarding-notification.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 6edaaf0f7d..0320932593 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h ## Access the WIP Learning reports -1. Open the [Azure portal](http://portal.azure.com/). +1. Open the [Azure portal](https://portal.azure.com/). 1. Click **All services**, type **Intune** in the text box filter, and click the star to add it to **Favorites**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index ce96f68340..e403692a49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -55,11 +55,11 @@ You'll need to have access to: - Method: "GET" as a value to get the list of machines. - URI: Enter `https://api.securitycenter.windows.com/api/machines`. - Authentication: Select "Active Directory OAuth". - - Tenant: Sign-in to http://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. + - Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. - Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\` - - Client ID: Sign-in to http://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Client ID value. + - Client ID: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Client ID value. - Credential Type: Select "Secret". - - Secret: Sign-in to http://portal.azure.com and navigate tnd navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. + - Secret: Sign-in to https://portal.azure.com and navigate tnd navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. ![Image of the HTTP conditions](images/http-conditions.png) From e208fbb6a22a2d7e95329d3b66cacc7c621d7ff7 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 13:08:05 -0800 Subject: [PATCH 64/98] fixing insecure links --- devices/surface-hub/surface-hub-site-readiness-guide.md | 4 ++-- ...eating-and-managing-app-v-50-virtualized-applications.md | 2 +- .../mdm/configuration-service-provider-reference.md | 4 ++-- windows/client-management/mdm/policy-ddf-file.md | 6 +++--- .../threat-protection/windows-platform-common-criteria.md | 6 +++--- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md index cf21867432..b3f42b32cf 100644 --- a/devices/surface-hub/surface-hub-site-readiness-guide.md +++ b/devices/surface-hub/surface-hub-site-readiness-guide.md @@ -99,8 +99,8 @@ There are three ways to mount your Surface Hub: For specifications on available mounts for the original Surface Hub, see the following: -- [Surface Hub Mounts and Stands Datasheet](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) -- [Surface Hub Stand and Wall Mount Specifications](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) +- [Surface Hub Mounts and Stands Datasheet](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) +- [Surface Hub Stand and Wall Mount Specifications](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) ## The Connect experience diff --git a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md index fda09c81df..56bd58a27e 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md @@ -20,7 +20,7 @@ ms.date: 06/16/2016 After you have properly deployed the Microsoft Application Virtualization (App-V) 5.0 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. **Note**   -For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). +For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 922ed015a1..68141ff2a5 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2699,8 +2699,8 @@ Additional lists: ## CSP DDF files download You can download the DDF files for various CSPs from the links below: -- [Download all the DDF files for Windows 10, version 1903](http://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1809](http://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index beb25c4bea..a5298bf190 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -20,10 +20,10 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy* You can view various Policy DDF files by clicking the following links: -- [View the Policy DDF file for Windows 10, version 1903](http://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml) -- [View the Policy DDF file for Windows 10, version 1809](http://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml) +- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml) +- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml) - [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml) -- [View the Policy DDF file for Windows 10, version 1803 release C](http://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml) +- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml) - [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml) - [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml) - [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml) diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index f2d8e10f0a..6759df82d7 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -23,7 +23,7 @@ Microsoft is committed to optimizing the security of its products and services. The Security Target describes security functionality and assurance measures used to evaluate Windows. -- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf) +- [Microsoft Windows 10 (April 2018 Update)](https://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf) - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) @@ -60,7 +60,7 @@ These documents describe how to configure Windows to replicate the configuration **Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2** -- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf) +- [Microsoft Windows 10 (April 2018 Update)](https://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf) - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) @@ -137,7 +137,7 @@ These documents describe how to configure Windows to replicate the configuration An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team. -- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf) +- [Microsoft Windows 10 (April 2018 Update)](https://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf) - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) From 55d9dcde12f6e2b07ad0e882ccba115f7962a9f6 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Wed, 6 Nov 2019 13:26:09 -0800 Subject: [PATCH 65/98] General improvements to WDAC design guide topics --- .../TOC.md | 5 +- ...r-application-control-planning-document.md | 382 ------------------ ...pplication-control-management-processes.md | 240 ----------- ...defender-application-control-management.md | 74 ++-- ...ication-control-policy-design-decisions.md | 104 ++--- ...fender-application-control-design-guide.md | 14 +- 6 files changed, 71 insertions(+), 748 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md delete mode 100644 windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 607500f822..cdd0780c08 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -2,10 +2,8 @@ ## [Windows Defender Application Control design guide](windows-defender-application-control-design-guide.md) ### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) -### [Select the types of rules to create](select-types-of-rules-to-create.md) ### [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) -#### [Document your application control management processes](document-your-windows-defender-application-control-management-processes.md) -### [Create your WDAC planning document](create-your-windows-defender-application-control-planning-document.md) +### [Select the types of rules to create](select-types-of-rules-to-create.md) @@ -37,6 +35,7 @@ ### [LOB Win32 Apps on S Mode](LOB-win32-apps-on-s.md) + ## [AppLocker](applocker\applocker-overview.md) ### [Administer AppLocker](applocker\administer-applocker.md) #### [Maintain AppLocker policies](applocker\maintain-applocker-policies.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md deleted file mode 100644 index fe6ff0d10e..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md +++ /dev/null @@ -1,382 +0,0 @@ ---- -title: Create your Windows Defender Application Control (WDAC) planning document (Windows 10) -description: This planning topic for the IT professional summarizes the information you need to research and include in your WDAC planning document. -keywords: whitelisting, security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro -ms.collection: M365-security-compliance -author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp -ms.date: 09/21/2017 ---- - -# Create your Windows Defender Application Control (WDAC) planning document - -**Applies to** -- Windows 10 -- Windows Server - -This planning topic for the IT professional summarizes the information you need to research and include in your WDAC planning document. - -## The WDAC deployment design - -The design process and the planning document help you investigate application usage in your organization and record your findings so you can effectively deploy and maintain application control policies by using WDAC. - -You should have completed these steps in the design and planning process: - -1. [Select types of rules to create](select-types-of-rules-to-create.md) -2. [Plan for WDAC policy management](document-your-windows-defender-application-control-management-processes.md) - -### WDAC planning document contents - -Your planning document should contain: - -- A list of business groups that will participate in the application control policy project, their requirements, a description of their business processes, and contact information. -- Application control policy project target dates, both for planning and deployment. -- A complete list of apps used by each business group (or organizational unit), including version information and installation paths. -- What condition to apply to rules governing each application (or whether to use the default set provided by WDAC). -- A strategy for using Group Policy to deploy the WDAC policies. -- A strategy in processing the application usage events generated by WDAC. -- A strategy to maintain and manage WDAC polices after deployment. - -### Sample template for an WDAC planning document - -You can use the following form to construct your own WDAC planning document. - -**Business group**: - -**Operating system environment**: (Windows and non-Windows) - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Contacts

Business contact:

Technical contact:

Other departments

In this business group:

Affected by this project:

Security policies

Internal:

Regulatory/compliance:

Business goals

Primary:

Secondary:

Project target dates

Design signoff date:

Policy deployment date:

- -Rules - - ----------- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupOrganizational unitImplement WDAC?AppsInstallation pathUse default rule or define new rule conditionAllow or denyGPO nameSupport policy

 

- -Event processing - - ------- - - - - - - - - - - - - - - - - - - -
Business groupWDAC event collection locationArchival policyAnalyzed?Security policy

 

- -Policy maintenance - - ------- - - - - - - - - - - - - - - - - - - -
Business groupRule update policyApp decommission policyApp version policyApp deployment policy

 

Planned:

-

Emergency:

- -### Example of a WDAC planning document - -**Rules** - - ----------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupOrganizational unitImplement WDAC?ApplicationsInstallation pathUse default rule or define new rule conditionAllow or denyGPO nameSupport policy

Bank Tellers

Teller-East and Teller-West

Yes

Teller Software

C:\Program Files\Woodgrove\Teller.exe

File is signed; create a publisher condition

Allow

Tellers-WDACTellerRules

Web help

Windows files

-

C:\Windows

Create a path exception to the default rule to exclude \Windows\Temp

Allow

Help desk

Human Resources

HR-All

Yes

Check Payout

C:\Program Files\Woodgrove\HR\Checkcut.exe

File is signed; create a publisher condition

Allow

HR-WDACHRRules

Web help

Time Sheet Organizer

C:\Program Files\Woodgrove\HR\Timesheet.exe

File is not signed; create a file hash condition

Allow

Web help

Internet Explorer 7

C:\Program Files\Internet Explorer</p>

File is signed; create a publisher condition

Deny

Web help

-

Windows files

C:\Windows

Use the default rule for the Windows path

Allow

Help desk

- -Event processing - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupWDAC event collection locationArchival policyAnalyzed?Security policy

Bank Tellers

Forwarded to: WDAC Event Repository on srvBT093

Standard

None

Standard

Human Resources

DO NOT FORWARD. srvHR004

60 months

Yes, summary reports monthly to managers

Standard

- -Policy maintenance - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupRule update policyApp decommission policyApp version policyApp deployment policy

Bank Tellers

Planned: Monthly through business office triage

-

Emergency: Request through help desk

Through business office triage

-

30-day notice required

General policy: Keep past versions for 12 months

-

List policies for each application

Coordinated through business office

-

30-day notice required

Human Resources

Planned: Monthly through HR triage

-

Emergency: Request through help desk

Through HR triage

-

30-day notice required

General policy: Keep past versions for 60 months

-

List policies for each application

Coordinated through HR

-

30-day notice required

- -### Additional resources - -- [Windows Defender Application Control](windows-defender-application-control.md) - - diff --git a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md deleted file mode 100644 index 59b632cbb8..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md +++ /dev/null @@ -1,240 +0,0 @@ ---- -title: Document your application control management processes (Windows 10) -description: This planning topic describes the WDAC policy maintenance information to record for your design document. -keywords: whitelisting, security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro -ms.collection: M365-security-compliance -author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp -ms.topic: conceptual -ms.date: 09/21/2017 ---- - -# Document your application control management processes - -**Applies to** -- Windows 10 -- Windows Server - -This planning topic describes the Windows Defender Application Control (WDAC) policy maintenance information to record for your design document. - -## Record your findings - -To complete this planning document, you should first complete the following steps: - -3. [Select the types of rules to create](select-types-of-rules-to-create.md) -4. [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) - -The three key areas to determine for WDAC policy management are: - -1. Support policy - - Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel know recommended troubleshooting steps and escalation points for your policy. - -2. Event processing - - Document whether events will be collected in a central location, how that store will be archived, and whether the events will be processed for analysis. - -3. Policy maintenance - - Detail how rules will be added to the policy, in which Group Policy Object (GPO) the rules should be defined, and how to modify rules when apps are retired, updated, or added. - -The following table contains the added sample data that was collected when determining how to maintain and manage WDAC policies. - - ----------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupOrganizational unitImplement WDAC?AppsInstallation pathUse default rule or define new rule conditionAllow or denyGPO nameSupport policy

Bank Tellers

Teller-East and Teller-West

Yes

Teller Software

C:\Program Files\Woodgrove\Teller.exe

File is signed; create a publisher condition

Allow

Tellers-WDACTellerRules

Web help

Windows files

-

C:\Windows

Create a path exception to the default rule to exclude \Windows\Temp

Allow

Help desk

Human Resources

HR-All

Yes

Check Payout

C:\Program Files\Woodgrove\HR\Checkcut.exe

File is signed; create a publisher condition

Allow

HR-WDACHRRules

Web help

Time Sheet Organizer

C:\Program Files\Woodgrove\HR\Timesheet.exe

File is not signed; create a file hash condition

Allow

Web help

Internet Explorer 7

C:\Program Files\Internet Explorer</p>

File is signed; create a publisher condition

Deny

Web help

-

Windows files

C:\Windows

Use the default rule for the Windows path

Allow

Help desk

- -The following two tables illustrate examples of documenting considerations to maintain and manage WDAC policies. - -**Event processing policy** - -One discovery method for app usage is to use Audit mode. This will write events to the CodeIntegrity log, which can be managed and analyzed like other Windows logs. - -The following table is an example of what to consider and record. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupWDAC event collection locationArchival policyAnalyzed?Security policy

Bank Tellers

Forwarded to: CodeIntegrity Event Repository on srvBT093

Standard

None

Standard

Human Resources

DO NOT FORWARD. srvHR004

60 months

Yes, summary reports monthly to managers

Standard

- -Policy maintenance policy -When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies. -The following table is an example of what to consider and record. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Business groupRule update policyApplication decommission policyApplication version policyApplication deployment policy

Bank Tellers

Planned: Monthly through business office triage

-

Emergency: Request through help desk

Through business office triage

-

30-day notice required

General policy: Keep past versions for 12 months

-

List policies for each application

Coordinated through business office

-

30-day notice required

Human Resources

Planned: Monthly through HR triage

-

Emergency: Request through help desk

Through HR triage

-

30-day notice required

General policy: Keep past versions for 60 months

-

List policies for each application

Coordinated through HR

-

30-day notice required

- -## Next steps - -After you determine your application control management strategy for each business group, [create your WDAC planning document](create-your-windows-defender-application-control-planning-document.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 546d20fa52..0bd975a746 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -17,20 +17,42 @@ manager: dansimp ms.date: 02/21/2018 --- -# Plan for Windows Defender Application Control policy management +# Plan for Windows Defender Application Control policy management **Applies to:** - Windows 10 -- Windows Server 2016 +- Windows Server 2016 and above -This topic for describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. +This topic describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. -## Policy management +## Policy XML lifecycle management -Before you begin the deployment process, consider how the WDAC rules will be managed. Developing a process for managing WDAC rules helps assure that WDAC continues to effectively control how applications are allowed to run in your organization. +Before you begin deploying WDAC, consider how your policies will be managed and maintained over time. Developing a process for managing WDAC policies helps assure that WDAC continues to effectively control how applications are allowed to run in your organization. -### Application and user support policy +### Keep WDAC policies in a source control or document management solution + +To effectively manage WDAC policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for WDAC policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents. + +### Set PolicyName, PolicyID, and Version metadata for each policy + +Use the [Set-CIPolicyIDInfo](https://docs.microsoft.com/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID. This should be done once per policy in order to differentiate them when reviewing WDAC events or when viewing the policy XML document. Although you can specify a string value for PolicyId, we recommend using the -ResetPolicyId switch to let the system auto-generate a unique ID for the policy. + +In addition, we recommend using the [Set-CIPolicyVersion](https://docs.microsoft.com/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (e.g. "1.0.0.0"). + +### Policy rule updates + +As new apps are deployed or existing apps are updated by the software publisher, you may need to make revisions to your rules to ensure that these apps run correctly. Whether policy rule updates are required will depend significantly on the types of rules your policy includes. Rules based on codesigning certificates provide the most resiliency against app changes while rules based on file attributes or hash are most likely to require updates when apps change. Alternatively, if you leverage WDAC [managed installer](use-windows-defender-application-control-with-managed-installer.md) functionality and consistently deploy all apps and their updates through your managed installer, then you are less likely to need policy updates. + +## WDAC event management + +Each time that a process is blocked by WDAC, events will be written to either the CodeIntegrity\Operational or the AppLocker\MSI and Script Windows event logs. The event details which file tried to run, the attributes of that file and its signatures, and the process that attempted to run the blocked file. + +Collecting these events in a central location can help you maintain your WDAC policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012). + +Additionally, WDAC events are collected by [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature. + +## Application and user support policy Considerations include: @@ -39,7 +61,7 @@ Considerations include: - How are existing rules updated? - Are events forwarded for review? -**Help desk support** +### Help desk support If your organization has an established help desk support department in place, consider the following when deploying WDAC policies: @@ -48,49 +70,17 @@ If your organization has an established help desk support department in place, c - Who are the contacts in the support department? - How will the support department resolve application control issues between the end user and those who maintain the WDAC rules? -**End-user support** +### End-user support Because WDAC is preventing unapproved apps from running, it is important that your organization carefully plan how to provide end-user support. Considerations include: - Do you want to use an intranet site as a first line of support for users who have tried to run a blocked app? - How do you want to support exceptions to the policy? Will you allow users to run a script to temporarily allow access to a blocked app? -**WDAC event management** - -Each time that a process requests permission to run, WDAC creates an event in the CodeIntegrity log. The event details which file tried to run, the attributes of that file, and the user that initiated the request. - -Collecting these events in a central location can help you maintain your WDAC policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012). - -### Policy maintenance - -As new apps are deployed or existing apps are updated by the software publisher, you will need to make revisions to your rule collections to ensure that the policy is current. - -To ensure version control when modifying an WDAC policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013). -  -**New version of a supported app** - -When a new version of an app is deployed in the organization, you need to determine whether to continue to support the previous version of that app. To add the new version, you might only need to create a new rule for each file that is associated with the app. If you are using publisher conditions and the version is not specified, then the existing rule or rules might be sufficient to allow the updated file to run. You must ensure, however, that the updated app has not altered the file names or added files to support new functionality. If so, then you must modify the existing rules or create new rules. To continue to reuse a publisher-based rule without a specific file version, you must also ensure that the file's digital signature is still identical to the previous version—the publisher, product name, and file name (if configured in your rule) must all match for the rule to be correctly applied. - -To determine whether a file has been modified during an app update, review the publisher's release details provided with the update package. You can also review the publisher's web page to retrieve this information. Each file can also be inspected to determine the version. - -For files that are allowed or denied with file hash conditions, you must retrieve the new file hash. To add support for a new version and maintain support for the older version, you can either create a new file hash rule for the new version or edit the existing rule and add the new file hash to the list of conditions. - -For files with path conditions, you should verify that the installation path has not changed from what is stated in the rule. If the path has changed, you need to update the rule before installing the new version of the app - -**Recently deployed app** - -To support a new app, you must add one or more rules to the existing WDAC policy. - -**App is no longer supported** - -If your organization has determined that it will no longer support an application that has WDAC rules associated with it, the easiest way to prevent users from running the app is to delete these rules. - -## Next steps +## Document your plan After deciding how your organization will manage your WDAC policy, record your findings. - **End-user support policy.** Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the WDAC policy, if necessary. - **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis. -- **Policy maintenance.** Detail how rules will be added to the policy and in which GPO the rules are defined. - -For information and steps how to document your processes, see [Document your application control management processes](document-your-windows-defender-application-control-management-processes.md). +- **Policy management.** Detail what policies are planned, how they will be managed, and how rules will be maintained over time. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 7992bb5142..5c5f924393 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -25,57 +25,56 @@ ms.date: 02/08/2018 **Applies to:** - Windows 10 -- Windows Server 2016 +- Windows Server 2016 and above -This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment. +This topic is for the IT professional and lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment. When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance. -You should consider using WDAC as part of your organization's application control policies if all the following are true: +You should consider using WDAC as part of your organization's application control policies if the following are true: -- You have deployed or plan to deploy the supported versions of Windows in your organization. +- You have deployed or plan to deploy the supported versions of Windows in your organization. - You need improved control over the access to your organization's applications and the data your users access. -- The number of applications in your organization is known and manageable. +- Your organization has a well-defined process for application management and deployed. - You have resources to test policies against the organization's requirements. - You have resources to involve Help Desk or to build a self-help process for end-user application access issues. - The group's requirements for productivity, manageability, and security can be controlled by restrictive policies. -The following questions are not in priority or sequential order. They should be considered when you deploy application control policies (as appropriate for your targeted environment). +## Decide what policies to create -### Which apps do you need to control in your organization? +Beginning with Windows 10, version 1903, WDAC allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. While this opens up many new use cases for organizations, your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. -You might need to control a limited number of apps because they access sensitive data, or you might have to exclude all applications except those that are sanctioned for business purposes. There might be certain business groups that require strict control, and others that promote independent application usage. +The following questions can help you plan your WDAC deployment. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. + +### How are apps managed and deployed in your organization? + +Organizations with well-defined, centrally-managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy WDAC with more relaxed rules or may choose to deploy WDAC in audit mode to gain better visibility to the apps being used in their organization. | Possible answers | Design considerations| | - | - | -| Control all apps | WDAC policies control applications by creating an allowed list of applications. Exceptions are also possible. WDAC policies can only be applied to applications installed on computers running Windows 10 . | -| Control specific apps | When you create WDAC rules, a list of allowed apps are created. All apps on that list will be allowed to run (except those on the exception list). Apps that are not on the list will be prevented from running. WDAC policies can only be applied to apps installed on computers running Windows 10 or Windows Server 2016. | -|Control only Classic Windows applications, only Universal Windows apps, or both| WDAC policies control apps by creating an allowed list of apps based on code signing certificate and\or file hash information. Because Universal Windows apps are all signed by the Windows Store, Classic Windows applications and Universal Windows apps can be controlled together. WDAC policies for Universal Windows apps can be applied only to apps that are installed on PCs that support the Microsoft Store, but Classic Windows applications can be controlled with WDAC on Windows. The rules you currently have configured for Classic Windows applications can remain, and you can create new ones for Universal Windows apps.| -| Control apps by business group | WDAC policies can be applied through a Group Policy Object (GPO) to computer objects within an organizational unit (OU). | -| Control apps by computer, not user | WDAC is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your WDAC planning. Otherwise, you will have to identify users, their computers, and their app access requirements.| -|Understand app usage, but there is no need to control any apps yet | WDAC policies can be set to audit app usage to help you track which apps are used in your organization. You can then use the CodeIntegrity log in Event Viewer to create WDAC policies.| +| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/en-us/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](use-windows-defender-application-control-with-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | +| Some apps are centrally managed and deployed, but teams can install additional apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can leverage managed installers to install their team-specific apps or admin-only file path rules can be used to allow apps installed by admin users. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Windows Defender Antivirus and SmartScreen) to allow only apps and binaries that have positive reputation. | +| Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| -### How do you currently control app usage in your organization? +### Are internally-developed line-of-business (LOB) apps and apps developed by 3rd parties digitally signed? -Most organizations have evolved app control policies and methods over time. With heightened security concerns and an emphasis on tighter IT control over desktop use, your organization might decide to consolidate app control practices or design a comprehensive application control scheme. WDAC includes improvements over AppLocker and SRP in the architecture and management of application control policies. +Traditional Win32 apps on Windows can run without being digitally signed. This practice can expose Windows devices to malicious or tampered code and presents a security vulnerability to your Windows devices. Adopting code-signing as part of your organization's app development practices or augmenting apps with signed catalog files as part of your app ingestion and distribution can greatly improve the integrity and security of apps used. | Possible answers | Design considerations | | - | - | -| Security polices (locally set or through Mobile Device Management (MDM) or Group Policy) | Using WDAC requires increased effort in planning to create correct policies, but this results in a simpler distribution method.| -| Non-Microsoft app control software | Using WDAC requires a complete app control policy evaluation and implementation.| -| Managed usage by group or OU | Using WDAC requires a complete app control policy evaluation and implementation.| -| Authorization Manager or other role-based access technologies | Using WDAC requires a complete app control policy evaluation and implementation.| -| Other | Using WDAC requires a complete app control policy evaluation and implementation.| +| All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. WDAC rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | +| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can [use built-in Windows 10 tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific app catalog signatures to existing apps as a part of the app deployment process which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed app catalogs. | ### Are there specific groups in your organization that need customized application control policies? -Most business groups or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization. +Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization. There is overhead in managing policies which may lead you to choose between broad, organization-wide policies and multiple team-specific policies. | Possible answers | Design considerations | | - | - | -| Yes | For each group, you need to create a list that includes their application control requirements. Although this may increase the planning time, it will most likely result in a more effective deployment.
If your GPO structure is not currently configured so that you can apply different policies to specific groups, you can alternatively apply WDAC rules in a GPO to specific user groups.| +| Yes | WDAC policies can be created unique per team, or team-specific supplemental policies can be used to expand what is allowed by a common, centrally-defined base policy.| | No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.| - + ### Does your IT department have resources to analyze application usage, and to design and manage the policies? The time and resources that are available to you to perform the research and analysis can affect the detail of your plan and processes for continuing policy management and maintenance. @@ -83,8 +82,8 @@ The time and resources that are available to you to perform the research and ana | Possible answers | Design considerations | | - | - | | Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are as simply constructed as possible.| -| No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. | - +| No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. | + ### Does your organization have Help Desk support? Preventing your users from accessing known, deployed, or personal applications will initially cause an increase in end-user support. It will be necessary to address the various support issues in your organization so security policies are followed and business workflow is not hampered. @@ -93,56 +92,3 @@ Preventing your users from accessing known, deployed, or personal applications w | - | - | | Yes | Involve the support department early in the planning phase because your users may inadvertently be blocked from using their applications, or they may seek exceptions to use specific applications. | | No | Invest time in developing online support processes and documentation before deployment. | - - -### Do you know what applications require restrictive policies? -Any successful application control policy implementation is based on your knowledge and understanding of app usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the apps that access that data. - -| Possible answers | Design considerations | -| - | - | -| Yes | You should determine the application control priorities for a business group and then attempt to design the simplest scheme for their application control policies. | -| No | You will have to perform an audit and requirements gathering project to discover the application usage. WDAC provides the means to deploy policies in audit mode.| - -### How do you deploy or sanction applications (upgraded or new) in your organization? - -Implementing a successful application control policy is based on your knowledge and understanding of application usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the applications that access that data. Understanding the upgrade and deployment policy will help shape the construction of the application control policies. - -| Possible answers | Design considerations | -| - | - | -| Ad hoc | You need to gather requirements from each group. Some groups might want unrestricted access or installation, while other groups might want strict controls.| -| Strict written policy or guidelines to follow | You need to develop WDAC rules that reflect those policies, and then test and maintain the rules. | -| No process in place | You need to determine if you have the resources to develop an application control policy, and for which groups. | - -### What are your organization's priorities when implementing application control policies? - -Some organizations will benefit from application control policies as shown by an increase in productivity or conformance, while others will be hindered in performing their duties. Prioritize these aspects for each group to allow you to evaluate the effectiveness of WDAC. - -| Possible answers | Design considerations | -| - | - | -| Productivity: The organization assures that tools work and required applications can be installed. | To meet innovation and productivity goals, some groups require the ability to install and run a variety of software from different sources, including software that they developed. Therefore, if innovation and productivity is a high priority, managing application control policies through an allowed list might be time consuming and an impediment to progress. | -| Management: The organization is aware of and controls the apps it supports. | In some business groups, application usage can be managed from a central point of control. WDAC policies can be built into a GPO for that purpose. This shifts the burden of app access to the IT department, but it also has the benefit of controlling the number of apps that can be run and controlling the versions of those apps| -| Security: The organization must protect data in part by ensuring that only approved apps are used. | WDAC can help protect data by allowing a defined set of users access to apps that access the data. If security is the top priority, the application control policies will be the most restrictive.| - -### How are apps currently accessed in your organization? - -WDAC is very effective for organizations that have application restriction requirements if they have environments with a simple topography and application control policy goals that are straightforward. For example, WDAC can benefit an environment where non-employees have access to computers that are connected to the organizational network, such as a school or library. Large organizations also benefit from WDAC policy deployment when the goal is to achieve a detailed level of control on the desktop computers with a relatively small number of applications to manage, or when the applications are manageable with a small number of rules. - -| Possible answers | Design considerations | -| - | - | -| Users run without administrative rights. | Apps are installed by using an installation deployment technology.| -| WDAC can help reduce the total cost of ownership for business groups that typically use a finite set of apps, such as human resources and finance departments. At the same time, these departments access highly sensitive information, much of which contains confidential and proprietary information. By using WDAC to create rules for specific apps that are allowed to run, you can help limit unauthorized applications from accessing this information.
**Note: **WDAC can also be effective in helping create standardized desktops in organizations where users run as administrators. | Users must be able to install applications as needed. -| Users currently have administrator access, and it would be difficult to change this.|Enforcing WDAC rules is not suited for business groups that must be able to install apps as needed and without approval from the IT department. If one or more OUs in your organization has this requirement, you can choose not to enforce application rules in those OUs by using WDAC or to implement the audit only enforcement setting.| - -### Is the structure in Active Directory Domain Services based on the organization's hierarchy? - -Designing application control policies based on an organizational structure that is already built into Active Directory Domain Services (AD DS) is easier than converting the existing structure to an organizational structure. -Because the effectiveness of application control policies is dependent on the ability to update policies, consider what organizational work needs to be accomplished before deployment begins. - -| Possible answers | Design considerations | -| - | - | -| Yes | WDAC rules can be developed and implemented through Group Policy, based on your AD DS structure.| -| No | The IT department must create a scheme to identify how application control policies can be applied to the correct user or computer.| - -## Record your findings - -The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 37a8decfb5..68b2423050 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -1,6 +1,6 @@ --- title: Windows Defender Application Control design guide (Windows 10) -description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security. +description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows 10 devices. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -22,10 +22,20 @@ ms.date: 02/20/2018 **Applies to** - Windows 10 -- Windows Server +- Windows Server 2016 and above This guide covers design and planning for Windows Defender Application Control (WDAC). It is intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. +## Plan for success + +A common refrain you may hear about application control is that it is "too hard". While it is true that application control is not as simple as flipping a switch, organizations can be very successful if they take a methodical approach and carefully plan their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning: + +- Executive sponsorship and organizational buy-in is in place. +- There is a clear **business** objective for using application control and it is not being planned as a purely technical problem from IT. +- The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps. +- The organization has considered where application control can be most useful (e.g. securing sensitive workloads or business functions) and also where it may be difficult to achieve (e.g. developer workstations). + +Once these business factors are in place, you are ready to begin planning your WDAC deployment. The following topics can help guide you through your planning process. ## In this section From b2d389d0f89d505fb0bd13c3f2ef751ab023e9db Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 13:29:02 -0800 Subject: [PATCH 66/98] Update windows-platform-common-criteria.md --- .../threat-protection/windows-platform-common-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 6759df82d7..8efa0d1a1c 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -43,7 +43,7 @@ The Security Target describes security functionality and assurance measures used - [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf) - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf) - [Windows 7 and Windows Server 2008 R2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf) -- [Microsoft Windows Server 2008 R2 Hyper-V Role](http://www.microsoft.com/download/en/details.aspx?id=29305) +- [Microsoft Windows Server 2008 R2 Hyper-V Role](https://www.microsoft.com/download/en/details.aspx?id=29305) - [Windows Vista and Windows Server 2008 at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf) - [Microsoft Windows Server 2008 Hyper-V Role](http://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf) - [Windows Vista and Windows Server 2008 at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf) From 50d492439eacb3fc8cea4ad01483d3171489379a Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 13:33:20 -0800 Subject: [PATCH 67/98] Update wip-learning.md --- .../windows-information-protection/wip-learning.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 0320932593..a710de4335 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -10,8 +10,8 @@ ms.mktglfcycl: ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: stephow-MSFT -ms.author: stephow +author: LauraWi +ms.author: laurawi manager: laurawi audience: ITPro ms.collection: M365-security-compliance From 32159084af3fe2638a001e10a458d24439a9064e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 6 Nov 2019 13:57:43 -0800 Subject: [PATCH 68/98] update image --- .../images/threat-protection-reports.png | Bin 0 -> 216692 bytes .../threat-protection-reports.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/threat-protection-reports.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/threat-protection-reports.png b/windows/security/threat-protection/microsoft-defender-atp/images/threat-protection-reports.png new file mode 100644 index 0000000000000000000000000000000000000000..026a2463096e884471c099fdd9e2e46492d17517 GIT binary patch literal 216692 zcmdSBWmuG5)ISO$AR&lImy#;dEiodkl%RAs(%s!H-S9|D!w>>P$IwVOLk}=?4b8cE z;(h<;!})eToU^YBn7wA-Yu8%)UTgiM1rkHVO*LQyFP-B@~p$hrrK|Cl~<5 zp07$B_=9CDt?qz=Ld@{+gDRs$541qRbd-^kz+A(@AmSmKZ`ld?nBW@C@? zt9(!zAmKU!BynR0Lwj>uM{^r%6hf?5bO0Uufi7la>t=6mYUYSiia+=spyK^awKvv( zX!_F8+{ze*2Z@gbe1rAyjk1l2ql>=1F^abB{X=t{znPmm7+UHBP3=+Y+iGF}@{8W0a!( zF(wq0mnbsgqF-Gzb{E~WCMNHoMq5zNwl7oj9_UE zFHP5G01uT`ZaCY#PSm!lGCLqoq)3}JVEAqwDj50~J9{T?D=65Hj2NAgc<M#r~X>4pHKl+`Kkr8d}ANo&`E=*2Hm>8AYI)w-}qC%_nJA<7Z3B~^{ z@5_joRU91&qp^ddt$qJ}Bs7#;4poTY-x4b?`~O^#c{lf?Z+>P}?%98>b2B8D!~SFB zXn_6yfeIC!{TQK)?8x?(3FVr-w1O->gN2wB-+yaxC;qT9_WTsRpU9*nb(F8;Q?mpc zgefN83vAOD7*Ee{nRzIMa7+K&etqjN6rIB97`xPl$dXG|CgE7_f_TAM;oV6)!vjjx z9*JCVFXi+BJG2pV_o3g6ln_VWp zFkY5-fcr%C-;VNRu$QR}r%dyIq@<{wB<}Najx@;Y$Tu4L>}gmdz|y~j3s*GU_l>7O zBOJ|qY=#-vEhgJCmX9o7&)9CAPnHU+P6xlJo?5G8W1;AkxA^02s{VAOq?sRSp&-k| z#FW|9#Z4*kzD_XQabm;UgZD>b+?KP?0#b0~mrKSJ^NW8*7i%*1V$M*;nOq^yBsP5> zA3iZvb4sv3{s}y;#w(mWXM8ec8q4WTkPF|8BU9LO3)>#vE)saxoBhGsI&R=-P5K~p zU_H;yXp^x{58KKMeH|{^ip2`&nQOt79-^IA_m+Pjwno^Ooi(sd53QLZh?4zTmZ^fU z^mw2v>sd3dt^U$ZW^;3AO|1>d6B{$KcaY-d45|}>a?kIsZ?Bs)E@g`=DJ>pIIcvQC z<>1g4X`I+HDpi!^RW{Zf<$G57DkE85~jXvxc zNqs08J&8-%B{vRNFsd0SYM7e;pz?`)_H1rk?fN*bun7}0o{>wKtQwyO>Fh=9P#vGT zKX;y2mB+YVW!8-$b?Z2i$?8h`HCn&M_puMtmH zildNuKPr74$Ha~Miy=xnSOC2=q^H8oL&WV2;b7r`dg+E0>HRxD7el+Gmrnn59pem& zPa*eFQe<9xZmPl*f%s3Nd>)&G;}=tr(T_A+#FuLOsL9d@qXje&WW zasS%bAo;!fiHUBcHZU0KTH~c!5ceZV-#^0^7rbkm%aGW6quiZI4B7ByK}g7!9A_Is~_;iMUcEf{F83I_u9wFX+G7Cq2xg zDX(u`KBNm+R-XMhK-0@jkdASL2}$v@s_P6Tq-zp0S{2Ee{#C;RccMfE84#~Xf5 z_{V+#^FcvBr}h8 zr^q(R=rWQ*onWa={;;#4m7MqTU#X;(>UlV=8*?e_-u3tO=}+_$P%YyAH&A(tzAirp4h}g-y4=zCApTX9G&`ZP#nlV}BhwJ^asF z2uSh=xbUV&6&DvrTSo(YDGf_in3tBK6_rf!R~x*Gwr}i*6>Xzw9Wm%)g8#~Uy#&;P2PEh;T_oVVspKRP}JhS#L*ZNU1_AiyEb{M)y0a*y6kqv$X!F%mjA zHLsDYby<=6>UOdw9g5&rL2^6!g$jsz5=m#;>B%HUm3d)Ob9r=tOgc zYN$LIGqKUDyJ7;@s^y-Zo=*;uP#BCxR~I&iYY+5ATTa$wVVFnY^XgFnPd^Y>oP{^|ZKItbM2oH_dEm2mx)x@hr9vQo1R zoepN*+P4-=u}dA?Bqd9cS2JjhN>qQMc9uyYja@55g4N2V=nv|?jl1KsybVW$w6=oU z+uMP`uI`l)JP7ib;Bp0!LFGVvaqA8KuVYvAJs?eeeNE7|;o zbhcef`4r6P2+X8)(S)Z)6J>;lSz2Ni6*AQlfh-uonrVKX-QPUK3SFH~4Bs#O;&yZS z75{?5+pj(IEwgmGMz%!%1@5u$`gVh?y#0RfD`AeP-N3J#Ced^)Xz4TGhb=y5$y+Z5 zJs5u>7Z)jqXJ_3|D2b0xD+b*mFT{zC4+6paonro(dbQMjo-L~`Fl6}SgW}nJ`xbq6 z;OWJ}W3i*+b)KXQZ)wuBdY=jS7{~&7F^~Bs!SXul_}D)AD-;^{ zv{Wqt6RVG&31xPm_ei`-V4zo|%X<2+pP`}BnisdXQm*&NO&XiBqBfq^@7rnUvaQ>U z)}Hp%pgpuorOGV^YsfaEj@DP-+EJyJjk`R)8Atl3prq1~?$IIXp3$L0X|{k22`AN0>~`aYV>#7S;}fDoRaJAycUPsaiQ@ zCW?_mQHztjJ8f9laD}5(CEJ6o3K)4xJLmb6j&b1eooEM@RKR}0m4foK8B&J5Q7^5~ zm2{UMKPwxdW#EYIN_YWnEx-QWUm;v*@|`_u@3ZVHi(3MiD4wdy6JR-==3H-EBL9DO)fQM)ErZE>O;H(m0(95sLU)+#`9x@bn{!xuxraO~IY z_1eu@n-^`Yexs_<#-}SHuN_5T7A;EEyeNSGU?&7t{(hHv{DIbKF|tuaER%9fyC3j8 zUNJStI()yPuGIyGYKo@*X3f@7`M8%fTl&*fP8u)&H95sXt4+<~gF=%DtbJ-ae-YnM zMCyR4kZu(|`~9WE7Y=|_??&0b=F&#?ilt9C-~i&VUA@T=6ZKn=GTsTKJp~B_NN@Ud z$5{#foGZ;&QBTEO=;z{JZvW0bNgq62(6WaY#C_m3XU*IclH}s!OI`p-g-n9Hj0#MA zE}Z3D-&Uc#o{B_$2QzHR;e)A`OA(=Cek0{FNGllZ$gxc&rNVpiBXhjL&ZV4F6aJ zr9rlJi;)rL#UWOH?R&HEhSCQ?lJLlaOVWOz5cYebwN}*P_NK1d><%0GQfCx@gJV(XSkRyR6nU?e#1A zsZoAjtlXnt4i;DR@$u4W3%vp|@fKHTJhwp*T;lapLoE~H=>34)$U(cRkl#I&V^Gr{ zQgS{Fe5#)VfFsY*K&2#cY)nb#-jgo~Q<$(ZJOa=5`Z%E@0ONs_pP$cTfl>D~rrZxc zh;47XI339PsT-!X+_##}Qh7mwOQR*(w}rcVJ7PUu`qC=bI$XNvLYy-r9h@A?C4hz8 z(6_f86zXGS88yc44}LTiV|&A=@3>09)L6v4_UugH9#&DfHj{PhD|CE}qZVWM-TL^6 z6k;tTit!cQ2nRMBW76Z7Y=Ti;yG8}mIPbzkd#g%Gl5b$Qf%nIR`8Y6>A)BKcCGze! z@WswO)6*WCKVMA_g71YA)Lg>d_$ZQmpkvyMv;+7CV0Gy&B5g4Exy7ET8|Y|wea+45 zYOWSf{@a)jmmf<_Y$VpYKEwb}MoLsr-O_au1?b+&RMz!_z(I_z{n%sMNx zBrjM-ieID-ZgKgXWIT<32c7hIy&i$EvbPHQNS;WI6*)`)0sYGAi@57#mdt zu7HJ#0(DECxv9WQj`q$`B0w+|;;@_q61VEW0UEFhl z6OCV-8yc*0;d6mZhzJ@flkyYgGt05(gy!rBN#H#v=Rs_Hn+FS{^5#f>ibl(7IIN&x zd%UVi%DD#Z8Nu2f2rW5S-gpD&V!I}x&AmE2V{`lP#`t=8J#c9ljrom>d?AmjJ<9Sm zS)^A<_{B-wrG<+xs+KogM8tK&OXU3;?Q_GlFFsw;J<;U`qnZbYQ=`NXG<)I+(Cx_vdMs)fJ4OgzHm(FE({=yFk-c_ohw%Xd?}8Z}Ul@l@1>jpwI|2Z82> zPs}z4b$cQ`(951`W?m*gS#n)wTky2AjBgk8MQ!$Xy=ZJ1%;HYjl5SP0BX4VSX;rPP zuiPsbbEo%(M@A=Acn0)#BbSxGt%e!Iq$qsDij6q<>A69XkeqA?o_*gaQ?{x#C@{N0 zx0go{jc3_uUNfwa!lkBIKSQZ5clO0XvWbVG1-?>{TvOTNzVUt@#;zXhA=R{zT@w-7 zJGvf~KuG4<5f*tp_%SB?en?rNdDtV}@5W8YR)O)L?5+N?-Op!aa`!wH$0?tuA~qCs z2BU!Es9LjSy{;tqIp@xS7B63-9iMjl+9C~OgY)tNJ8Sk0k&Bi)U%lKdembgu)XRJ1 z7f#)V5f8DeLui=rSGIt(?J6GBPKak6AAh0mjnK2Ox5O1a}Q zHO1A{)zja>ox7CHGA)*wQ2~?b^aKt)J%7Q_#{hFqdWGrtJb+_W3C{ZU*A`jw zQ^N9+%aL3jOcdFYS!baN;w-rH-C>A`3IB&ihk@4xcNf}pJgNL=?XW(NKVFD>(9-V3 z$T$xLUQ*>rsi3PRN*m9h=VI-hSZFAJzrV|bajrsWcXN6y?(D1)+rY}F>HLj2#&|)h z=i^!h^Ne|%^?lYo4^DZn{AYSWx5k0@uH`bX+p40q*QQBRgAvok* zV$L^3WL+D6`^SH>&B-QT#5Rz(6sLOdKwYRg_CJFlPYkLqY>-)dHS)sfxV?Vs!yahJeojX;c zWIvpXSz2a=_2ZO@!Qru|^HX^U^>fw}vsjFZ?*L6n>37Lc^?z~oQ0bFdOWwC{-(J`$ zBe+H|E*lh7weLLaz$3S=msu*4v;1fv>*Bw1ayoJYpc*{tv#CT~HTI0CNsH7LvSoM4 zZN}1q*gc90AH0Po8#)8$}m9nuLmWbqN zm6SPOVQDY4z?LFwPw=``tn|G6W^)JXYcGcR!Ty2!7jtw^QC=2dYMptf%cWb%Zbetj z(=-3W2>8t%vuF)9sH&_8D1hMY6At?7IAO8hA;t7_)h#r?!%&%tBf1UIpc*gQ9OSdh z=Bgjxhi6LZG$}mGNW(_%nWa=3z=G-6?w{Q-J1f;1hZT&5|I6C(S<_gX&Kz5xpnud(79Rw&{5NZX7*<8QzU)LWm7dH}&w}>hre*46WfVr_S49lySMj z-#a<)O$B&DJnNx5?3z@lLJD#}t(+(N0h!XMNnNg%qy7a^S;9P&c}scPRq;p`PL>oc!FiN0Ya+LrBwXRp5l}Cjf>Jj2=5y1gF!PRbsIHuGK{?*(` z7T+34;0hdoYVU|6=N*oE#9W+axhk)86>FBbHfn$HsQ}cf(@Pwn$^XJTHQ=3{@3K90 zx@c_g$6{t(@U1Iv&(&M2*Pd{VOqp`Jv$|rkJXsb1``hY;K;Obk?oYJT%bfJ2tW=%_ z{4^XR`cH;#)ZN_NR^W?uSdt2#pRBDQt{Sa0o6cUcu`aA0EmQes*PCL7^9cHyf@do= z%18%2gjL*3_1F)}hOl#-4*wJJxtQc+5{v*;ALaR|w$B0;Ov%yV_Vabl2vO?nrls6* z6Ya}%O0;evqAm*nd`TY)uFs#LBXS{LN-`)GN+J4>jd&V#U;rm~RQg9Ye8BphI(l0N zLz63$sZ=`p0gC@kn;EyeWu0k6!Jj!x-W!%{VI@0L{p#Jqu>f_^|5)U?WuQWy`HXBb zn0;?b-4TUQs@Kr7fz>XIPYhhLISu(|Pl`2aACyg_1?D-|H>IJtZf8!m`b(ysf@ z(F<&OES?@a>EY4QPm2^9(E|HV??gjD+t0{xmdY00e-z#|#jc`F(Y0rr}y%U zC_}=og_nT02*y67rhdNe{#LOUk-b^J?e20Wfv)}pH?r#=&hNqgYLJ*Jlq{DbDX_n5 zn!}!`Qzh`SinbnZ`D(iD!k;WPs`Q`&QXn=qHe5+M47LjS(GfE&peD;m2)thDPm4?z zMFjseez73IKiE&IH2C{{^=0{I5^r*5Aob+q$B%)Pn*;fpvXiotN2z(z2?1O4WrM=6 z6%*)EVB@jw_d#3GzaA2sV58HxGxM==^_ zap=m61%LV0NgRnWpVe%oS2A}p2fg%cG*BoR7G|B0H8XR$xw#R#a_4SBnsJkJq{=2p z;pJnGNIVl%B8o;F8L2!|0MGN}11tM?!P_&_c@CTfI6zSKFJA8a5odRm;G@z`re$c7q|{tqb-i?J#)5d3LIX_FgIW7gKPhT8s($5hNE$qWCY{ zJb{M*DIOl<`?vmUo#*vi3xGSo`~BMhB~4xSR?!pxfPf>Qn9Z`JeMAgmE0OYt?qBnH z)V!kl$!_}$2z*fw{qLE_V#rSV#h!%}`+xE{L33zmCGjX_31VQOLEW+_ z(h~;(TlDhf%eFPN?uYZA_3dx2op-z4*?NcX-K9ciOPXhBoQQ>mGX7VWGq&*GK=cI}GRfs%4y4n|7HRrC$8}`I9z?uH7spuc zQ*)dA9%)Nq`7_tQW5a(Rq~-zv?H>TakByDZ;P{hl-NKUoY5q&&B|52CawqG@ENpKI@7tARq{n*Kv&XF!> zw%H&(pw8#hox!(xxB@SkHP{;ZvDE%Fh9kWyUG{g&XOi;EP?sh5*;)f?n|spUzS{sQ=sl8)_iGm?KWl01`NZXAfN3gn*4{pu z%_eVO>>8+EF2}G3pB{wAQhBCdvT8Ox%}*_?KNQ(Dp7fX1Nx$bvFTUb09|%DHtP>{2 zk<2AvW2?Xz@w(oQ;lA%6*9V}U;$k3v3IInJSA3d#Eu#U=M}J4&F>P$1oV_9rg|=p*@8ZS;m+y<>Pv*T!m~A>v>!Zw56pb(kMyKsBd2>XFAKP z^@_KJ&?<3f$mXn=Ix$?}zt^JagoGe+@p*L@@=Ye_vqXGZ&ntL$8g|vt-DoDf)bU*N zW}a8D?uJvqOw>i+_xs&YdSg*_USO$m{9cDG@N+~sMN!sU4?kucwvoqJIUAH|h`mhr zRaSOAtK-5twN0NNEVfZ+r;k!#%v_QuVqMLq%QjFKoSdpTcN-!W7V$3>yfcu9{z&15 zY(O4vJNab5WPq{!16+ zgvG|{vREC=mwgf4t9h_yfbdCeDte4PT_tki*rVgb1IORqvES7>56WoIld{f5Dr`f* zlv74>hBDLhzxif6n$+*t3XxfKCnpRyS{mrBMjU79tP8dyurMv5C_W#7(?n>t9gm?D zI@nvAosMF{%S?izWeriUv$lAKg85pl!QY>FD95bNYX-9_nd|ar1iPv6kLFG=a%HPF z8MY+c=8N?v5>zNSFkb!=NK_foi^vLzpf;UQ9`H3|^*nr2PP#rzT%UQi?rpi*n4D#5 z33D#8)@I~eIMuC327+=ok-8G=3WW&8;np1>a(2|ZZLaskk>virz zsjfkW=Oq%6jY!^T-4pED)^{r)<-5r$Ryf)MT>6r#kMxD4tgNm9<3jrkTj7tU{paUi-b@uQx(w#5H>&3q zHctklERCLz(12p}OSI301p@Rb#!@eoL;|jz3pFdeAgy+E3xe@$**Ne?m*};juev6S z*FqK^X9e8#DeK91LoyB1oILfQDsKxl>((RzFe?*rTVsa0p|0M*FFSGk7C)I=m6K&q z^^yFcX=g=qgWw5v-I56U-4QQg@A}mP%aVG#TM!AM&ijz7{_M zJ?%zN|47#Qswji{x~1?mha_b~sM1IPyziO1*DU)&jTPQU=553{Vyvpi4?Vk2tY8PP zXQ5tXwFH`iuvThV?IPW;Fm^tMVybb%3F^{LdaHB?;yXcxl6~3`pU>~IMfhX=5pahS zEEE;*k;X)s>>#dpzxi?xo~}BV82xmq5b#L3W~Hc}l#ntPH>1dT;u zEr8%E@?%9pv0|b05QMXcW@FkHETD~F)PdZFF5(gU#{I|Bz>w|p6_0hBAak%sywmk- z6cv`s$gDNa1|!?o&&2u}V78aVGz}&5^3)l}Pha_9(Z8pS&d66h>NHx4kb{S}w9&L4 z$HPAC?+|>_^3NiSRRSc@!2~0$PVf5+PDLdNLnKF;8MlS0nfuA=wEIV?knlUUt+>&8|vAyv(hw zd_i!B$kU_w{@@gf-}Ueih-E`!B*NeA-p|LNWt*rx!e-lRYvfHQ3c?xEjE42(aMz2! z@sf~|Pz=x{{DsCit`^Pi^{waoPHwDn+zJ(5)aNae>A2ITQ?T1hn>`2Nv_O1B)+9-V zSAu^DY%`~M!~s@X+jY)rEOEpDxwz_E*Wn8yx-~q~j*qxaYZz>VY=+g|xb?LB4jNxI zAmv}dpanG~tG7bOu0ODL_kk}}>)kRSMlV1@ylE0Kx}V!8ZQ@frSd>XzemWk0yMYHD ze7_b#vuUJ;sgiqSsb6}vqsjL1j=}Enz4y4npwT|{`|8(y!aO6FABp9f!jkKr7U)jA z92O8sZ;)LX!eWOvx}AC=$g#`QJK_$}a2vlr&sPw*!Z(#Gxu+CP=Xp~;Ef^K6Yg!E` z@3kl8ND$ik$?%YivO64ef%5tdzT84j?TO8bI3*aTpmFk=R48ju&^X`;+f@)u-ZLQx zUa^K@+PXRz5|J4uTXq9l%6Qi0KXLu0 z)dIWS8hK#zV&pe4+_QYuNgB(T=J5@<8QlqucQlVEBd<3sT@bFT25t`A054qUd)v^T zY?h;RU}VcoHu2m}>%^?`l$85i`XqPN4k)w&7*~N}j=@K)Q?%^ANDT~HHh-O{*!Pp* z+nrA<#5JC9a>{EDtGC?I-nY~n(Cp8ow(KYt zqc-c9_?>0x1U}f&*1-gZiYTa{`<@uA!o!$9)TM}npeu&xxm1S zH5gq|5vZ;Ti$4rR6434oWKaMW@{DEl7hgZbao-|AP|#m^7RmUSGLcK&KkgPoqoNpS zX&?Fc-1E}BoGKpE1}tp_Y5n*EU7^Kt-l{$%8&EYLFMXLQ=0cm}+pK%Md2b+akTKqH z*u?^Ax-{CC4x?k;aAWMAoJa0m52n_|P;luQ?~LEC4-4+oGO$J`!1sSW{kYfbmcGDM zc-%i>>Uz1)t~20_d$#2;+bP6x!W&0ip&tOo@^GpC^)90&jPUnb9KVWJoal0w&&kAu zs@rLX@w*Fqn>D!@+0Ck5k5J7E+LI8G?s)};wM4#H-HnYMV~F(( zqYb05BWt8g$4_-I-zoFG+c$8*2oac zEg!O@h@_*>eM&8Yt^)Av>zsWk^bErfLj z80rm*jc_^J@UkUk_vh!bF7NK+Tv+zK+Aj%3`I(V@PCgy%(|MX8GpK37u-{Q~iFk7x zdZ5u=k-i+>sw-+)!R(sH=!&VwOGE#smG!j|C;6{xqS)IWCS2F8Zv{d(lzgzb{;pW| zo1`=#=CmmJEv7dOMfmINuI)`jBo(>j_9|1u*;(TL5ZHQU{1j82^8&RTRE6DCh8a8j z?MZQQWdpU~>c?^x@2Dfbr9MoHwvj?>dFTj@(7+%(i{WIRYN(ZGpmkmDBrH;3L-six zh^}zy8LQ!lMZ?BKKIBM8e<+FO;%X12JmXSfEGxC^kOriGiv@qyaOyF&cORQwGQ8;s zhaRvr;|Gs>rmIG#W=#L{gT=7<}aoi2vet7j@?slH>DVpw{j*0OFGj&Q7#9%;i25nW4292yN=5Y&mLRa){Dj^X*)WO>4o7p13GXo zcy>_QhM)mI%&J{j~EBs*N=zT>rENF*|; zU%b1!bArw6Ir%(u!eXp0DE|P0bC|pxkaa`|rw|55!BfeSC+=QNeNA6rfd^fS6uh;@ zHH~^=bM?q?1H8YXtVwA&Oc{oV-3;gSY&_cxZ0{sR?&7j;qXz~)(>fSaXucLR(bj5* zP#mn?GTu8s?W(^fjZ@I+x#w){^qeBAofdOL-|)NJw;AR^=2dsdn#n$5!fp9+4PW@Q z>woQf6+;@Ft%*eWRUuJ9mN?NOyP-0OGN8MBr%=4*GOQl?q{PKl0-fm9C@!f`3eJA^ zKv|fac17p}=b7G&Q_RVZoOWvZEx`fkoHIQ)#BS=BT*Y0&GaqcwhIbI1qp|TBjT`Rn zc;+WC$U9`G&k2W#(}v5!_jZ$WH3lIu<2z0!;>qtr!SyJ+Sz@ADZ2e@#Fy;thzMZGb z^^EXKpj5f>Kt-E3m+?{aLcsF^KdqC~N1M0TG`RRkx?+z-k54ybs(hS0wOA_YYqu~Z z83{$cRm`WW8S^HwV=qUW!~CWfq!-}#tB3#;qOU5y_mQ1!-(Pg*dYf!W!3>3vkVfQW z(gLOhD;w;dacPb7_rY$t?PKK1%(vd07?G9Vez)X8$-xbj-+Xj^>f!E&gI^nktNks! zTjaQxhFp`-T^J9?YnW5cywEqw1p{u15Kq;r8g7Iq82Fzjdc7i_I z_qoE4{!H1qU7neYaXY5=GUd+?cfMSmdnNI8#Zn%dVB*i{ev7MQ+-A7-!w|pV#YjJ` zTco$=(ZRjI68K%>Zx^ncP;vqPeGokEHXxS6aA(P*Da6TmaZ}gt`CGhm`0p7-j0};C zmClOw3~@q_h@B<$vH{bRHciQ%W>=7@)T0$`_WP>T+YjpM=uo8NeF^LFuE*tw4{S5& z^V+ZQZOIzw{@^Hdem=det!?h*QW%;?yiiff66*Y%)u%E7oMyDTSfEabd0zf>2^|At zs+?tEN<%xsLgmNtv8y+~EtBbbA>r0t%KnS~C+i_=`*|J}7XW}d7RzfQzZ&Nf^~dV5 zi_yZ!;SxgvesfrI)|-vTpwL!3PPk)~F@gf@X46Zjbx?PJ%KAAInumov5tC)NtC!8O z7%4MqIi?n~c1oaeX?Mj?kX@T%@#26xt?VZ&_$#ED4K}*TdUz3@k8!$Z67}>t94wbL z^_;Y=KC62XZQMV^^rf~byrz&^-(n;)fouU(QC?!f-jj0T>bcM->$z=?hj$(j7?!6^ zJ?EJ2JzPGW^0MP1%LV>*)QgFfFs&uTZ>7>+lyRykQ?E#nec%5GH}isagpxE8gtc%{ zX~A7W@ufML^Pt=2^-&r$Cck|bcT1F{UjELyI=dlV=%CD!lrwD5jPNHss|W0|zh0oA zwG@7>({>hMV{pupPP$9g+2AsHTg7!8F6fF_@j3pagOBIf`~zy(RCyU7tFvfjNaBOq zNHc5EBR$-*`KDm;>Iv-htr1Dsvlo(QNSxl%onh8UdKB$kckt;R$>nC%fDDVg;SRIg z>Fd27bTA`l&bB5qt))@B*!In{vG`*cHvd6S36{nko-RvoUT+-<2FfDsR*M&^jkhhW zGMhtWNm$DkarwwK6H<#0lP;0;N^9trFEU3{oE3lYce1}L-QtLAnlhc?#dfahCGQIH za3n^Dq}}K#7RH%W_iQM-|?sXmRksK+s(uY$z{&3jWJH|IuK zcSP8v%cOmEwiw_|%N$L0lHpISek*4RoKG1x&I#59F0_O+EkQ$GL!~&` zUAsR+c1&b9VCj1aN!|7)9~Z&kY=M|VnF`ynHz3>gn&bwk1&>a8n^$?SH0$S~V#LV; ze_a?{ebFu=pk9&N`7K{a$NU)u*N(jstT7(zzCJvw{r2}p^{5(6T6?ah;mkJ^O9Sz& z6QODM5ldIuuYB&-xA+whpXc@O>r*8;HYZFQJmBIY&f6bPLBCSZrp*4-leNSbwz9r5 zGDQ*Y7+H>+P}tGF##2Fi)}P|gV8dzKL$uj@+ephpmFWaa&gC$sN~fSmN=dK*$iTlct% zWN^ecq&L}B4$S5ia&H;yk-MYS)3X{LD@>ezrd}(Dsywf0PC40c@~dPgC33^!V&116 z*w|yTTsI4rbq|uN_W%o?VrOkNMWZXUNcc5`PD&IyT+cLuu#;H^3S6Zgk1QP%b?Nly zjt{TrG$2s=v{MU+->*8)fM%TZ~o>v)6MOzFz1!! z-}i7Bcn~wd^Y4gpfZV?qBqU(d5o+gyrJ-Pd&MD$xWdoef;1PoQzR)1WHE#@Y;_(X8 zmy1m~UKJIpw&PGNQjEK@ zMIgC^8`^_Uvr?r%*TAL?0J!G5cLZ08PaJ91&1z$VVnq5)W0A4t%bB6lOdBzcWL8kJ z5Ki(aVARiFybyPF<&TXGI%R%m1Zz3FshaL$b$Fd$r&z3UXjjH(@-dP@{4)7ZeMus# zc1LLBu7r^h{mRP9V|4UM3~52ya>uTpW5CUX<4X$NiWt4F@>y}$y%TW?&HSQ9oPiu` zCU%iufG-@%Ew!Lqc(kc2*hmCGm-dcfYh%A`9L%No07N(s?E$;r+lvBlOei$O*B1pq zthT1gD1hwO)3Q`KWvTow+t@uDNGvts0! zyv!=fk*M?NuBJVwrd^ZIF&)VQa5!o(V(GsNsW-E(Zf^RVsQ@N?ad}Aq^dT<(*aVyk zB-#M^c3YY{@)8p0iHV77Wh$1uIKb^AKqr8?7#(*`Pm_Q^ARvqG2`(=E%a z@EPN=0O_x=nTEKlxnn&^gK)_kT1j)hD{ z;HJh*m7$ar-$Mq45Ir~j@7#37&tAaQxL89ey$>f`<^7|Da*teXFG^oBFnFn{Ds>d2 zVLo|tNdzPSJ^s4a3Df!HdyCRCY4W!D<_+ItL*78e{Y7-JF8(Jm%xNQZEMrBcLF_T& zoZMW&f6#YSA|j%h;!>)`NDV+AF0M+hcftf!sBqH={SDi}XFxhI znVH|zX;jTxo>lul+;L%;8HriS6#C!9rBJ3?Hk+}a|lCJnU7GL;|+W(Q=vnoUN zyv@O>)cAiuTY@9{A<+N3H~p^TtCMyOuFv-@**F6ldXMfG8Puo*XZIFdy3P`8dzC&- zRrA8E&@4`l)8Egbl_u;vH%t+8DX;(Z7$=XOE-O0nNNY{1WymVZ-z2y2X6(mDlJnL> zRA47!3ENe?Q}+$8jpT-1N?GPQ!r8o+>mjw=h{7?AkH1nIVL#Kdi5y0q>ug{W+p$Y1 z4t=r7qn7)v5u0&zZntUo9+}zo#4$Id)21vxi@J7>tqAf}@FB1ljW8AYzQLh5F#=PwR8wM${nB_%pJC71QzgYeghv z6RvNm#YF*&~%*ZC(rPlU@l<$Ze9#} z{vD0FLo|1JX>-V4NU{E%XAV@yc?MfWJl#^abzB~z|7EGEGZ18$TvkysN9-iy$ zCla(cSX-I&V6j-rzMm^0iqaIyz7+1^tUFl2yGe9`H+L$W)!|(Z06~stbH_;6*^Z#c znLgA@*`Q9rSi%MmN2A4Iu@^_Kyfd+M@p& zjWi*Mcw#aFPsgH}i6Mk$h&$3*M2lXE^1iOhv!`w6psD(h#NKymmu{mT88^UR_pXr%IDX z!k3!b(QtY7#}s8Lw5v8~kDt+YtzV%LhW+);@9`1v?tGi1lC^%6VGb*96PrcQ>HLNHp3;e4f! z(gPu-GcRiLd&kpfZDGR92cs_!%{k?nWzfN&3VJ%c!v@@ zNcBee^aQ9j>zxE?KiQ~k=$2m3SMFU zaZE&z5F|uE1VKVtKvF>oDGBM2ZV>4fDUni;E|C)H?vRvj7u`rKSajEKEIsGkbL00s z_wHx^vo~waHRm_SH^%$EBR($9FS>VbBtF@>R1`yII@8|OP^}u6+xe!k;SLA4(f;X( zhN$RtAT#nPT3-NfXy{Yq@BQ=mtid4){XLqWgQuHPdsB#HJsqY+a+Zy0#GT1w_qQZk z9m<4CyF$4!Kkt}H&0fiK%1uxS)tXJ6B}{Y=Nml39s`b@d?|0E9S&N#(zEAg zS{esSQrQ;jlO7AR$2?|`D=_ILUv%E{EcNxQ(_P-bsZB$ERl5~>4>Hm|D{INvtJ9Kr z^p#l~byYi1^yFn6r660ayJx5dc#m~0Fyot83vG_faL<>{F5Gjv*vA>>v{6BlzvQ?X z)v=gq(@fA$DPy*(yAslEG;--Qw`^71WMtHlqTB6j^3?IKvgolLY*}f!24zHJxX$`) zg5xa#?oHcn!M*E9#j7MRz1Hntzf?;P{`8d|6 z!m-Y`@zt>@ul=WO|2;*+OW$67M+mgi5Ew7VlE^9ai_(f?2(&cR(lWJd3X?2$-Pwpd&p>sAziD(dRLS^LnO?^OuK3h)Um5 zoZmkbM!-OBBP-ud=~AKLMSSIKE*&2fG=lBF^1nkuq5VVA{m^?AyB2ZdW+ zqj~>B`2k$g<$VMm?Po65m}?kPHz=@r!ea`e56D9vV%WdBV`4Jfd#H}9G|_uhQsm{$ zAIfnW_t=|0$;vxth0v^rDm8hAt)-GYF-Yz%!!kAT{$$IUIlq*sKB3lP)e@>~sxE)T zv~&!sm@4BTM}l#pcH6flFB?ta&`VBcZ<&Uw%*wawxtN13hvn=CC=861`-xZ{*@;?k zY)VSf_8_Z1Jw$X5S?4KTIL#|@n$6SF$GBsCf2+;-*U6qpLu|KBmiSeiW5W)#@wc$^>Q2?J)e*_yAMLO`8`R>Lt7^%c`JtO-Q1^|Dtj_)dG6Gi+*)~*`GAn{mxs%Z_KqaHLP~P2 zpM<7|4MC@~&s`Gm38x%Gw<;$)5qXV=+Uqnr8_v@rwF#RzaO#j&hlWR&V@$m`=&glxBt8P)k#>8K;YN=+`D1?K5^-L?@&2oVwHih~y+3be^f1HqMQw(UZ(Y0Ia5VBXmT0-NQq@nt zHkO>94^OS%%!ucVJZ=3|Vaf`=adpVzbM^SmP88oy<5Kg*##Bt3p))@U#4KgK^KNNn z;be@`p!|B#;eLe0!_&G$0jo#e4j9sQt)>3@-gm}C{VzHliBBz7k!$Pjk&M-}b_Po5 z*|ez0H&3onmTtCs03OLCe9r!iM+}~$fPBR`UrZTdh<5GH95Ze-d!%BD@_@zlT zTTr(%#AIHT@bZY9p3taca#hc(MtX6Kb@MLw;0tW@ej#{eg>z*k<$t;>JKVXWooa=U zw7cv&X`cSSo1W$^n0E-R(z?jjx%SBDA+r|OLMIpP^U7zUFKZnIc_$KnUq7o(*}5A! z`Zn8is##u3hFtuh>1CU>xmKr4yr{_A2jNCS_2XwearI2`0%m^<>gH@ztg1s&m{*TO zU$hICyhFGjjvf-ZBIg{3oOh4ByRYIZ-#*Y0KKzuqY}y$YA-y#3L>bK=zKn8JI!9WX z)**Y5?gqrR2_+|`Z<(kZn%I7gu>Oa|KCEAOTX90sq*`o_U>VHpSU<3*&hvK>v~oYZ z$xayINKlU}q-w8EGHOa&!LjaylNI;4z!6iD-fC5ZKitolibCMREVfSk!kUf_Wv?%{ zq5DN9e@;9$5r-OgpI1B%$ui2bN3yFFxtXzLld)~stmCqT?NTR)WvWVrA(*Ev?VHckeE&AJ^oKT5q+F&As7WLZQ-&io!!eaIbrK z*35bI+0F$71<^urIaJtdvXDRvfRFEu^XOc3pxY4C&|sQt4W)nZz(fLBG0{T^h1i$z zMtT2qLzdETp*=!WyGNB?e>(V;qTb8exB8c)uFN!+2YmQWsvYAXnv}gs@C-+LoQEz* zzeN;RubTKO0jE!{el3@wI_V|cvB4^`1b1Ai$VqKa)iHT&#iY*4z%-JQ{E{eUh!yGw4Of`mAcNMPD$f%>&EGN7L%7(LPzrLnkYza7PS+ zf#~z$x3ks6jM3cfxZ7_6v?{;MRJErU&L@*pY_1-+U$e_3ne~8S7Lu~EVwp;MCF+75 zT}DO573jF$6!n?diKc1&;Rf1#*jFU5tB(V<^Ni0<4(~jE>$9_C$89~?S!s{_5EPV} zlH$EKR;H+=G{4T~i!TyH(0|d|BAos2SE+qSFUZKqd>=A%SQ~w=r*{uB(wCm3DSVEP z4-%o4(SpxkvvEzu&iRWb@M-P}3sWV?wtjmaSRENBO}Do;CT?Ywn{bSiRpX7DDa4g>%MY@`nIS`~5_q|bix>a3u-dtH`BRmwP*XB0w zCqLzqH$-iBkAQ@{pi8PY*k&e{Z3-Wf=VJLHHe;NXd!yYp$>AF7SwDw6qb=KLr}n1p zNlaXA@l;}KqOKaHaX2>`T_UKN4lo%7bNf0)>t1(IefW zkq3;74JKS$qvm-9`mMM@Vl=M%sI-ED&oXh`!OQH^FiQhEB%VEg?)(se+@+gh7)=jpnR`XZwUOI`qJCy->$jIz-rgvEq@(jX zYwuoL-R2*bv9B6cr{%CdL61Nnf1Wk;?d1b#^ps8#N_dr}eBrBdR-akPcO}NoKjazO zR2qY3j~+jMY+z{UOqn%g_Tt5hUbB+0>c8e<8BXl9pEY^=_C*~7HAL&3Ip>Bm1<8q@ za=hI8Y;yqO5?ZWt~kr=d;SmI&WU-97_r}%)qe?J=FTU7WXgFj z2A`k{$B6?CEp@^JZ%H7&@Kb zkkv#8r?W4d>!}$(qN@1wmDh?Ig&cUiY4f1{ut?S5lyki*N_hWO?Csl22M=N^D-}Dn z|B?p%8x$P~PEWC^$j}Qr9_@LaeNR^79ai#Ex9t}g1o(}f^Cq2r^BVS{3$b-~8JLW{ z`d(X84AGj@xV`cF{NR#&M~3a{!KD+?EuBM2{hLgD$fa(#h&osN==jbr15|IykDn{| zn9SDjOtn7ZjPCw!UHE-h5Le~{&0}X`NEbLs*S`IDY8*M6%^$Qo6X15Rd70~cjnSHn zsCvV#U2E0)imn4;Rrdo)?Q26o+&zvTg?tjV?DUv%S>7bzl!)hu5X|UwQ?g1~GoYEP zjceMZ;tAWz@qeraREmqAD$(_3SHEEOt8*e&1BU5(&#gdKx~<-LB1(Z>@kvKCBk8go zINs~&m!g*!AZ%SWZ(TR{ay@7cSf)j@v@Po;k43y^?t%$V2B=%)VtcYP6rDG$s>2TbR;0vDr<2l!b!t(J8ra9vHim~#8x3@P?M)!}xP*JMkuB)2yB}_+3!!sUR zC#P#R-5&QovX)xXI5iNur5R@!S7a_Tu8?pz;eXGSPu7l*-qv^|a42#WPx(By><;72 zi)ZiB=ws$`2oO<@_X(4}JR4V`YH;8vWOc@@zm+@AyP32=dI1{|9<%p⁡7AeDTNQ z^GM@71;gxx6Iy=DB%Zg?t<*MHJw~bW?kGe&&Fu)68$E9V%3{4Ry*?S7p~SJcPLiW_ zN?7I!N4kA_U$#7_n0q3Ak=2dn#zDMU-k*1f5Ue^Q&x4YqPS>!eOLe+EDEx+`jk7R2 zdZKORPkqN!Cq{L_BYmg)NY36p^P~M*!E?3yRQ`h9+nG@h&iCgo@7TTBz4Od-!A4n- zBWi_4{DbR>Y0GJPtekmn*iL7ORZCG=bfKrPmTjcX2{z{*)*Ll$YzJbm$F^&-wWpt` zzJY{8f**wFy8A3MBjQS2qh^QRX;J>D%2M#IVlN~mvBXk7HwTj7NleB_(?J^O0Rscs zP6@Ob`uNLX+P!ixk>nUwM^C(xrH9{2cF!R5-nOL=XFronqd{5UfFRF5?pCet_#i?bC93v zU%zi_^!W~VOgSc{!JnPl=l-}?Hg-a5dmMSH8&+9M=Z4I=?gccH={|K-BoyMsK= ztjv%l`f5y+|Q+aLQdA?REV-C78fZnC-qvZjtiU|ko56V z2h_qRsQr;03)Uo3iZ=#4e(h5)k#3)!bt`PoaF==vOYX#*=RK~A6F&3cxsl*?nbY5A z{v}{=6ecp>m-y$W zUb`L2&2FsBksLnf{2C>lzVB&++@0ew%?%u#Qg&JAVdb@>lP3l;K*LSy(XT;Bv9{Wv}(?g!sn0*1cDSJKn zYt${cFd*@jI4d(>pOCV{A-MK|w)ua(48D_<2t-JqJhF zhY!~vb8l0jdHL!ULSnjbg5Y9f;nCLLiU?1;RdcVh{!jueKy`r@mN`LG!iitMex=S? zbP$#Us4TayJ(pOMt;w(+s3TU{8}jOh1?5Y_WB!jCQr*+%l6#K$G^UJFk$cB_+{O%2 zD37gi*1o2h-^~K<1M?L1MBj8=98xcm#&>lFWG)*>Zpi}d{tFAs&BN*m^_m_?BqCV# zNs>B$Eilcgxh>uh5>LDrlg8+Y`5&Ld7a1Q*^(Wfelo;SHVmOVzDKVasefxLW z=l^xthw8=Ga+EuySZkV&*Xu$>lD|UETht$SvzveYrH+oAsOTjypn7vH781*xhZw~r zsy2KH5RR6XE8b5`%BUa=@8J5Yki9GYP3+>5+Y2!)H@9PFM>Dx*g4-mfyBoK%l10DF zabVJ_aoNr#!iM)w8H?@1T=>K4o)!Gd$IpK>dpk8~V0q`q+$(>5>7jMy0x9q=jq-JI z%|Z&hRcfmW5T)u?=r2Ec*Rk;SkpDx02_jePyW+Z=dhdU;&Mj>8IyJIwv-YTSrv6v!@<02w*g{A~CJFg;$k~@`vRw3jkA;m*-p`E*J-sGoX5Rqs zhK1eS+S-zkkf=8*a<2SsWMovR-x{JjwP&)kDtZH{kvscG&Wt2Ea&9--@)6lx%y)K@(98lPGBE=z#UG$8`Zak&~+X^-DsDap;4E z3ff%sX#eXK(?QNX(G~R=Dee)n{O`-J`Bq&WpONTt9m7}TC(s$S8ka|ACAVv|<q7b* zF&{!h#R2dtXJuw(rF{SX!N=#ar#~Iq>@GS75E$ zI?MiE##j<)nzXn$CIIKO+}x0Z11Fe@_p75LB`vLaDjBvd?2wY|Z05qk!ro;&cx=eO zhG^%BC%=5nbz80Wq??}P?`|P|n0jT>eJL$U`y1GQTvyBQ91R8r23=sei5C)&ZFya+ zAFq|Tnpx<`@UOGj(hs<}MpQJK)}(nT)bVE~ZSIhz90l+G4PQ5ug>CksY#}Bl z24j9-E3&y8W0XwsP{r$oO@{v1SJ!Mj3ssq+M;1y-Zrr#5gFW89efzFf+4$80)`_qal4j6*l zKl%HGk{wP$0)>yC-|QP+4Cw2JQ6aAF&*YT)e~*eB_+V*PjyDH{bZ8?jtW13m$PzgO z1qBm{FX8%o1K8%{9}NhJkZIl5@MdNRuYTFIKZOrD4h*BsZ07q^mmXE-(FC&tfa)HdU2+~P0TH0W z1RUyBz1OM5T6%=|LpI+>^nQIp8T4_!^@o9{Kdld`FDiqj7y~SEb-2L${rig;utOwd zWz(~>gMR;3=C&ASTh%gU9nNFhtrOZ%->ZvyIPYp}bOY&t^07<4C30;ByWiKr0+=N@ zKO8fSQB_{{*k#@1YQx72SOU~O7!Iq$7p5P%VZM8jwk6K{*MRq#V|5BoF!>>TEJ(lzI5Mu(e2 z#%WjJ$Nn0{hZ*W{RS13fL#3q!63&8NQE&eAoyt7gA5OTM;xH#XigZRsfw7N!E8bAfRv|b>QizPyZOX8uFX%!V}{}CX|p8mbt%X?WWkH^jQb)}0DTg9f~ zBhILsQ%P}48NYn+8|q-jMGI3tr8Q)cJFP=#! z@BaS&3wibsbW2KiPN(#C1yIWsBF4s;T3S)d%N4V)u71rax#HjWbD<;Q((e)b!$K8w z*o9#H8p7_#$jpde6-3u+`xtYZlD~0V1cEk%-8Z~-BgIImR4))nkv7gAeEc9s2Cl>Q)sn$HmYitPA-6vpf7> zP-B0|vk!eg=54V(`RpSpOfxSfDxP_eujjc0Erc)JCKlN#7+ce{-?<4Tb5EYszuP~Z zR9O>MuWOw7T2&R--7U+<$M@jibQkaR{|E<(xl=81>EI;}9HH9ilMLosg0t02uD`p2 zO`H!!kLns4eI{Jrm44_>>|Hs&m41f6)b2RjFZ6Y@?#|Yo=uU9jOL4alv~SrykT=9R zE>b>vNJ;J24nvqt zASM=jv(d}%a2qYVzHrt#;pqRny{12vptqN|P!zW%$B;4Wi;HsCY^K;rakN7nSBGbI zd6}3xqGn(ps)>vH(>trEsYwC~d`G(u+wbzPs zqpYEiP~~T~hUEKwZruk{ryyE-A&;drGZZpEeEis8!A(d-B?slI5F^2fdirxS!i?~W z7T5`NXs1vvg_{vR8p%z}pnug}$a0iOh|lq}tbb$cXLLyBL5z>%Jh8DU$S9eAJx6df zYVzVs!ed*%y*-B=7r}*v1&pO#7h&;7m3#88uKXaTb|&ycr{WVWEefcJJHy2eZ01%biD+nRhm2TIKEg`=`0=AI71H(rY}CKClUwrPUvJASK4Saf zF^vCBSaN#8pM#SVf)~UYKm||}n)2s{><3p#ODS?}dfZ9(-$4V!N|k}52*`(Pf33@ZNiu5CBNI~hkx2eOT3>9>SFScnO7|j zI*uMbzDJFcDS60E+=3(I<*PAT+(vY^%SrVdJa$S_n}J9kVxYgj0VbThWHkInr2~Qa zpD^40{t9+4a`ypInTK%I6#BOfhJL&v#kop!{fbLXB5afc{%rXLxBXkvIS4|Qxr=F* zzk+WP5{?w;`*TG?2*8H*$pB=eTIKMNG2$bqarby}d}CkWgq87lxs9Dxt+ZX|vr+Zz zXU|*F_!eXkOem`Dj? z1dcl0#;E_L{}Qv@ZQ$<&WWE!VYccIEPh!aR9HTy?S!%imX15Nlu;JuGfQ5nioKWDh9d(-@>WT&_Uto#q zSXjT?@=dGCAz4<-qcsoPS#S_(gY1a<5W~w+Cylh@D^|~0BuVbuX}Q-_^Ll)Jvbp$= zWZ12;v-fr1-ttVvQ1m#4-*h94#@8Dx{J-&jw|Z>61V4 zXb!9TG4 zwc2j z(q5^_!lGj~vvs#%O7^riJ17sybEnn1wDISDhIG?{-A(-7vRcJ1W6)Fm<_;{Qg(5uT zIRf5&eWEE#|I^DWUdYzt*@|OX!Ib5x73&@=>wv3e3_aGI-OZbK1dLWN^^XsNBagId zR+>B(u7}eLa=fmZJ-dfheH`>6?KT^BSaCJsZ1+%Uae>Kf)cN(R`DV~gbEhQe4RB2x zYt=F<3UF0`^FJje!BRl=y276x=mj6g>qEQol)woO-&0KF356f&m46O5xwN^ZA)t(h zrDaZ$zHiR1aB8&u=EBe8@X6j@^Fvw_%C8 zzoix$0cjrZQ$98-i`=Nk@$|ndc0qC)3x4c}wR!8p`!7rU64NqqBD)pXb~-hD@6n-X zDX+Nr3v5hjx^Qr|z^Xt_Kj6o~_~)dFh=_uIu=cprcnq%6K!LezhG-rlG}b*8fo$vO zXf)ySaMq;YJJok9JpQgRyQ3VK;#8=7Scb!kQ6mFSJyv1c<|sgw3>hmdNcp)v;61O+m?$Z zK-c*ATn2+mOaaweTLa$?gIuI`-oB#*Tmc;K_bhS>LK>J21lvNb)~y1Tf>dVz9`*RY zm-;>LcooLIEk*)RPFQ3Keu7paj*8TCs<*rOpG=W70(XNJm($<=K4yOK0OKxQ`ub^h zc{wRuz6{j@6BWbTn!@f&saCwb|LD;pB4XmBn&Tpc%$*ZUuG^=RvpJp(&9B+m4BLr7 z=z-PWr#)~p%-D>$&HTAQdsgx`g%D7^5uvrSl$ELtmN<#e*~OS{8K0Squ^QB3S= zUhNShB>b3lYVQO#&mxq)03ZR|$ATG+BNlr&uAe@C_G;GKJal%StNCSAv^g8d`a(sW zolyeNAT{cxW#C#!RjLGU?i$MK8OwjTb@p_RalBwi! zQ<*QJ+c<|2z{X3)2sET{+SJ34yT{JTinnC$JKLd5Sy52|dH`_o%8M!y@02JfpPKB?!lm~b5l zWMaTUULQcB%tNFgkfvs4dhK5rFhD9x3Z>>AcCK;WHj=y7<1Tx=RsGwn1mqK33chD= z-*Q~{eIKRmf(6}8JIe#^#NwW?L!Ra#V5BbWJ_7>-j59J%Sx{6IGGAsYbtVdum#D8j z&Ku9U>@Jhi_f?6})WRaQrY51p91-^E(-Te2JHW~Av$OYQZ0^*N7=qdWKU``t($JqK z1pzt{>B$vL^#DZ$lB~!F{x`)n-l!~<^&i-4O*V5*7X8m+f`RM0JxS^N6cN!JXI(1^ z8}yBPq-c$H4?v>_EG&D@_l$N|h5*!psw58VtC#1uf{_v3i?n`YtWY?~0Spj~{^-aB zmJp!S$uy?$T}H-s)*Ko1|1jaY!~5pl$%z{?aiB3yB_NFzBvNof+?|@8{WJItP;FrD zt$0eG(@kg4wml9n=JlCK$jPBa8aUFR)N2Iz4>{Q&Y^a1W@a z5f5?dHrG*Lj7Zc6T?K>zBWRDXv$Jyw`&kPU-=D+7z|6AM*3C@wd9HJqE&Ya)12TI*c}Y zk#;jpp)K~2IrwByER&V91PN*3F6E@;bmX&!5^b<2aym{%_R6_I@ZiJ0BBAcqb9)J-BVPjV9pLsZOUui;i=VR+7yF4Xa{?JfYgI5!8{>kP7qp+@ zn8u}OL35p{scC9@dRSy+3%PamPcZ#92!sz4T~-(XfU!Ftua(7cTgEPGZu<@ot12ieV&UN#gQ}9a zT?wjK0>7hP(MU9Bt7DSqxIM7kKjCsh)HF2S@LBZF)@}w{Wb(Y7y_V# zXrQ-udcd8Cl2X>msoZ${3CJvSp~5IrcK40xr+>QQ76;rfyC0kOBnqyMR}g}pj;P&x z)MI<)$`#F8w-{^^mV=#>+88DWeqckFuj1z9{9f}&yoQBEwpEG|E1R%2KG)nOiH#=Y zmmK*o<&3Fh$fl_T5Al8DI1Gfz; z0N(le^XK5+U#hAuMd@Efv~t*o4gi#b2(mvWwBpIi5hD#XT7T1XFJIO-;t8)t8Dx~# z{Y4X2ilXB54+RB9&Ac$(i~5w4BG4M{f#SI`QHmFIT@ljD=37q*0iQkCPCCb#j`~dp z$i-r$&=;&HJT~^@i?n-eY@a}P=vW znT>YTM3tnZBsFa7!9gW>pt&-qqcScgX69$fFY{mjyx3_}q%&(npMib-I%IqRnujMP z^?;)~ja;&m6Y7P85ts}(`9TE2)u?;-kz<$#gf>_NNCpY$>mD5mygjdT6$<$@@zeLA-mVNME#la^EE(SNEed&>mILl_8u%VEdh` z6*yucmWNQ3m!FC9+Ao4z(h8o?NgOhJ#Lmu6bnBMQ(T-_SGn^d-IteD+H#*!ftLDFh z6LkQ5F)%T0OKm}n2!!KmU#h71L!1~ZwUkcai%`*azJdm)kwze`7|HQMbVYa_U|UGqy?AjQ zqP+X@UNQpdep}8HWoz>D{gq2};(f?nq4inMIUz$I5Q z2=yj2gPDq4JUqt_p~j8x>sSGd-(Ti^kBU@;95x_Mz%;+Qx(xSG6WLl-zd6V9gaZge7RWo?l!{QDXF})mH|?9<#0s29$0Z_7vz) zbhL!7F11Ff1zK7MMG)wq&P~YJ`H^uNeFDq^o(^6Luq=Qdko(?tzQ+nH4=yI(VuS;3 z8dw4hoc7qw(t$-f?Jr~k76C8~4d>O23RJ6G+P4>0D^B<2U0nFU6E!tAqpLyTLLJWY zrSRMklR%~03>rB6iAi-}FQ&u3hqf*QHc}@DRp@e6FwumBwe?RvK>ou6#r>_L!{+h4UDD+OZ}&^jG=i!cBf4ckU;EBD*C z_h9H-+uLfu$uNNL2vO1W2z~}K39(_KXxtt5aO*@lQwi1(pxcGvGV3H`%|;00uI-16 zUVjp+lWS@yAmjP-^)$WkAr`D~VIfCeVJ)u_D!^cT@e>r>q6K#Cn%hfbo;Ef%Xgak@ zIXx*3uMh4E%~;??fh&WW+$P)j@o=335zyb{<>f7g^M9JhcTb)C;Q{w`NPE@B^V8)? z_g{kPZE~JRilEE_ZQ|nM!Z|WpezVg*GU5dZ07z`SDruqlxPY7!u0QDOSG00CWz5VPknCes0l4EWd1!NI9?hGou<4-%>6&i|ny2BVHn zLq+YELflaMM-5` zM=ZcGAGn=7E(4$nhyDq2vcMR9kot_ply%-Z3J#i;BtAvuC^JF67p*d;xu)}1yi`;K zUPUgjSx$J@3Z?4aeEQh4HH0G3;8s2G7c|u=FCRAEM5q3NADM8WqZD}KZK%B^xOL0- z=j)9Z@rUmfGE*V@4vsE1F0QSsYgfRyM7^!E(*Vk!!CDWQ=^Q(h;mkf|<;V=F8ja`A zedWT9tU4keHoj)-ot%`_*H1y%!dr0L_=zbLh%RC6Gf^$IAY)R_ev+vK^{fK>tw3+` zBE4y3a+JfPqkjQ-0;__5HWJp|FmsfpAR6?{;_GWb4My10XtDZSt*Vz9EOm1T-)hR0 z-SXW9sU~Tq$<&<$&KPMppQL|y_=8x=W@l=6Obj|R?Ptj^f~_OkAa5pG#yV|GF2oerJ5KBR77);n-A%gHN5y`ho*q~z=t^!#jVZm;qus>Z+%u3Yz!3o~6;|qi0aGhtJvCd&wvtBZU zF3!*1aMVYB{wF9s0Wh$=*t36lXbBYk#}5%;kO`uE3Aljq0EM`_Sob4$Vb?*5{P6G) zO>mkB<=z}@=mJ$)i$d1HJ%GW$&dQKWG6KgL-Svk+xXki@tCI4Cu@VA<`Ru5Xj`j#9 z|LVj7t0h;0@aYEiMkocv|k$|w^+xW0FolPm`l82V5&%|#? zZQ;J&Id1f0zLYr*p#rB2l>X-G_!|L3Aps?ss#vzszpXOfFq{#fdH~$ zSF&$-G0(GqB;jT8h=tq9W@~X-*)em-85$=HnHfUt#{i2k8|?C6K?$O>f9z(bJ&i_T zw?1dbJqq`X5%xb{x5YM!^QadUVdVqM%Iw&`w#GC*sAUufBQ!;;#EPa4sjtd->Ld!fLP+0? zmxA^G3tt6ZfV3qd^4{1J6u2Wp0oyc%0EJ9iM#hhTi{YeU>)J!QC;UFT|5*zFDL{{; z;-7*odH|Q>xGlHr#2w_U<~nS@r>Fa+r_;eEs>!tnT@~THL;+u99Se(^iaVwzj*NxVT-~tgrhH_g*}BJ=nI*C&QQ)W zwYJXq`W53H0NuUyDLHsbw*2M{*4YaHn2f>AKAC#7)Z?n8r}xcRp!KYXm4uiWEnI?P zETg72@?kv--W%kxuTF$?8PV|YkbqD)K%721Nsq2U_+Ffedf=I~gTa(8yTv@voz&sI zei{?C*hN`7^4eMja**dxkq&F2zG{#yC>X77`CX5wvC;~xrhy6!Pzr7b&D|HGbd1n0 zOpVmNZ*9YB9O#TCo?r``?t~v0HZSnf<*ux?dXfvI@~0J?4kw->+%Av3*YRa2U_nj~sI7U{kZ`Ds<*QKO0EWUv^p#Bh_~fPkNn z)(08>k@9PhRng!mxUFmA%78md4M@n$8l|1a1>+B>sV_i1Bw61HT&1KMwpAp$SmgvbEQI{$z+r&{ zSWH%r3^aG6b=btSa6(X^3w0Z>Cbiy0X?l3n8h462UTiTdDTF(cW8%``jO$9Y&4km^ z&=n&<1`gfagqDyju?Y#mfZ0HsODs47%MArgD_v_-=enF0RoxQL1k3=`Eyye+(RYK# z0K5l;vQd6(DO{JN~+i8ezzP9!1(mbNzu z8%EeXSt^fu+=&$}rN%zkkF3T0n!P9+W&Z3py5sLa3OFuYAI|KS3;a=8$(K~-QXwxU z<`=|oANr=O1(}p>+tUym6}1>;kYANm;QB{9;>B}CMM9N4?fa~(J&S}I0FeN;fP|fz znhNy}BbD}0KEaw%TRWLi5Tp#@7n;D(86MAU!O?&#*MV2@#p;+GGw1E(Zx$=^Rl)7$Rl#mWCPhm zpl1TTQ_x_R0tdGP5yU4WYdhCnubummyN?-ChkKllD`kN7q5NrBXF!p}edOfFAPcoG zb~06lehk7IM&6z2L=jpVMlY)FsHyw8-n%RM{7F+Y->SQZ=N;bn?+c>V7w2qt;u{^S z>yU23i|#@+92|v;M|fF+c_8t8C@bTc@;H77h1THI?VOn3Waia^8m#TSa0{d_`Aj8H z-!6?d?UuNqT%DYzXJ(!PmjvkwMphw1bV2`ynly^DIgz!ahQ>y$8#nIr@x=n+`o&Hd z9Cq7D#7@78#b|pd)6UA?W|g31LpxZip}XmW_;HnvJ)bL~zKB2Wbnrn)rY|D#(FTT< zjm_O^@6zY6OiRpAaJyxwRQxe1iAq*h7MfWIVHg-hCa60e3T_`Ii%&=>C@vlxYLSwV zxXa9(t*G}Sr=Z*(sSFMVv{^KZhK5MUjC}|RK^1#EsJf1ahX<$nphscDP3m|Y`ofqf zpy3zz(pW3uqiAymk_jymuy>(_2B^#OhUzl}x)`RiAS#4zD;t49jI-QBPcJL4tu--1 zT{1iprV!aow>6&c7uT(gib*~lNr-4{;anVjl)If~n0o70nfXOly?J{gWu>jopTiCs z{^-={Gdc7^nwUU9Wq=1mnz0Yz%J%oc&Dqg3rl+RnLq8oT^+1s@68Z&-N=IOX*6;gW zrza;)=coJjDXflS+jF_-f)NbxNI{SVAb`RscrjTjd8jW=7M7Oi3Q%U|pkz`1o40N? zL&n0s?KRoF$UAU8OQp54f?a)@k9zRP8&W47aOBmt+BOHfakH8uDP-oAjm6U+?^^Zm zMEdy&aHa}dHkBZ63S9_lGbcvrG<^X*#tsi}eW&(8 z)kPRXHeu2V1U*}|K%~qQj0t3;<&AkYOTEqXIIDYr4Hr71INgsRD}IxY`D&lNDTvi}?+)G5iO234=)EaoM?y(SIXpV5r>pxD6mOsihQOYJDEK3x ztI=Lvx+JARU0t2S5v7SnSheo_aK}*CR3;k!v?PUfY;?2`id>;@0-Z?&ITrwg_I8)4 z`9sir9%_`r#J2_z$L+g97P}KVK&UDxu}rGXC!bqf^pA^+L+t`$w|V<^rI+*>f);Ic z$%xso0&b4kf(ub%FR}ORXiD;NL8A_n?_@#d~9)1m#g@)w6nR{_lQ3vAV3$Ae=0j;Bl0reEG;de35`}jApX-Qe1PkG1~uQz!$E7D z=!9LPE#MNg=)SUlDf1&|{Au;rGmA*84d}A|eJ>;RPj9_9xliH*~XStO=$W z;ENxty`-vXweUfgbY+>{Q>T@f8{LLWUC9Zy191sWU?wW<0eCEl35Em(4c`C3$9Msj zRvb1O9Gim!6QUt2aFc+*%in(w^B|aVg0iMhUp90+g4$B7{*dNv#032c{{e3r?Zm~nLrnR;8gewqR zx3j}Vm@4<$)O2LV2A(PeGAqj2sz2Atrn;eBLk_ZJuoN{hpj_G!hRjH14Z!c zumRyzrL~P{0Re$)*RQW^?0(D@hgw!U8rQbA7%yE)q-p5iXd+b>oA zdr$l@U9i+@qP^T^4*IVL@9%-M_9N>8;xmjK+}Pho)M!`QF@)30q2D47<@lS5TEQ!q zFXP|7{Q}xAtZR0Ovy^l62EWVi#_nIw0Rslt9mA%3kx3=D3C@4}+8AeqeF0=jx*UzN zkP6$yi%Vj|=me2c9O|kzU#!GZ?*$xXH7-7xeB*r+u{a(1($p-G? z5B}mq3oXZr$3?%)?}A$p8DJpz=M>~hOG{y*BmqAD6ChwLEG!Tdi{8vMxX=VS*hznt zxmHnCMR@b(x2yz23{4P=W;wowh6e1BHV{bo9){$$_w>j)W`jph5evQt8vpdS&J&s%fGeNzuQJaMb!fy2t7^U{{6JZxB(X@ zr%wq9U67#XcPk!3i9z}VGi;wRDA-og` ziECit5VeiEVxPl*Kn|E1cqqh0dlLb8cQ6&xeu=Lt1zH$^3SpZZvrEg!T$$c%rHblv zd+rZ4J+DD+3;tc3m7V=HKmQ#Rmu z^3sU2MbEF*u(5r;PWJc5m23@SL+P#7%2Pr+9Bk9U<*CZnI!A}wv_G&nxO&ZZH_f~D z)LyA<{k+i_UB>FCMN(ANv}xY4hWxmgVUc8^GqDCq`aVt&5(_4;r6^{|qT@F7fEK=8 zc=2Scx`f8p&u`_Z9vgD1o3qUzssSbm!3`GW>YA)^RRdMf{b)xQzJkUd09x}QCkP3^ zftdgmn>BgR(U-L|DJ-UHDe7$W;{=mtvgmfT7rT2JM$^}_IQ(IJEbMA1N&vi)%k#`Z z#kQkVi*%Xcz@wjZ!nH#`{Gg6z^H~UG_y0%RTSdjubzP%G2|*LwNeJ%l76Js<;O_3O zNeB?!-GT;pr?KGfP6NT+UH{$B^SATS zY0kz7Kddd&TQPl_QcB=f!*qH=}C>}B9K zqg_ZR9@z9BvUh=@;^5#QB_#y|h_>;6Db?JYlmo8<1_!|qG>{s=qSx#JZaxq!)je3K zA4p*G1z|sk8M}aC4g{X+2%Z_Zm{z^&=d_LwAb`#5vk+(OPD zq&Y#Lur-%Q%0RM$=Z?-Z3h)3#0Y7kuiTx`3Dbatm{HC6;s_$fs zKmHkL{hENwak9F`w6L-w2v(%*C8kjMnyKfO^PPk~2YNQjGCVflOc8sp{eJ9m4R{1n z%z8h($L?=Xj?#v;5DIKp($}x`0nXpB5dok<;FV@5cI-1_I;J#ImT<>*~o+CdS2;#`eT zwVb~9lm0OBiU|+7#!`z02b-?h`D0OZbS-4Al<02T-66u(6?^9{QBT&nct3c9S?2?N z-*JpD%H=0Bb}#SiVnqU0>Uu}h5Lrx)9zGNMt4){6n;Pr3N=_rcyALy~OHO8XA5Z5k zJB0&F24Oi@<_ms)?;t&a$Dy_q%^JhB&5Ts|a-Bz-A$k178xK}lV$Qy#XfuMIp{%Nc zhRT16d>VMclAJ4(DgiRclJQ{UroCBOtp<#*z)^6PkOB>72{?&>o&}7UFNldj@CiEr zESsZ*RHm8vZCf&v!Ak&mgR}w~Iw&@m4@?6!N}2uFhYvW;Is<4$;hm$ux@o?9?AO<;fjp@Ouj#Wl~|X+tS?_yNC?4eLh7-P1H~TZ~)e zmLr2MH4x=|>f2Xzo3bF867^TnGPcP zb!UOf(D4B+*4h74HBui52$eL4y1U_tiHTtb4cIT$I@@C~+S5FPmO_WL23R9-pag9P<28_0R|#s5=hY z?V0QOd3@m<(y~|g8ygcnKEBlBF2*hngriapJA+`ItA|z_++Koe$#)IhAW;FNw1Lg~ z1036tFsVl8ef0$>l*d!>Y2Ad&HL#41gG{x6+z8064URe+(*<*ejDo7FI3V$A04sY| zq6SGUz*(!yEaiQdBmo9$C$MNoGArWW`Jjm_BZZUwUN+jdW%Up&+pRq;D0!;f?aa0*A+hTv9@gK#=_yX-Qr~DBpUlEh^^3R~vpXz{ zb;M-xmv?d4VdTTX55mA{c7$rP7V->vGn1K!I3Xo>@@97B=MCJ)i=T;k2Q-{%=l{5% zi|N>TE=u!?Yo;Yd73{o>b_bnde(`0x&`V`nEGxjFy=#A=$$;45rZL+7mh~p7R{D=! zLUmB-o%QnZKP`?heaK#Jx+RF^hTK|*NqQT!p<%mBc}SkN2F3SG;2FtMJ8eixTroG6 z_*&_E(1e&{^ojiUQO5<o(apwvW!nnM-$FENLu^0ng_b5C9Kibr3kh2q_>afyEmj zA4f_`n$?c(>I4v8a;XGCAS@5ISWCqUFvSCr7c(<+0=E-2NGMJgs<42N7#I{%uhl@T z$meOM<&n}dB~$7WsIT|Q z1;BKU8BMM^-JaR4Z<5`$NSa_TgxuMcWXCjbNS{|#F z6%RbR!GXQQ-w`^+BeQiTOGz;731Y|>)=YH{?^mz=8Vp=NP=qrmj&bGE3mTdJEN>S6_obQ7*9SvVZBrT-H0$~YU!dPl5r;#u9THj&U&V>~6C~P^YAe(2!k^k- zkay7%vM1!UgRMOb@rVg!*B`?=(3x9(BObgo?p6aqv_BdRk~1qHrU%XdfK*6%c#>yk zW@uhgZ+#XL5&~5YXjoWNW=uaf!2Sqhp~@N@+aS9w4N$TV$Db;xKygoQrSDcCtbTl{ zu6!_U_-OKGP}E`5M9*s6t>uJOM8t`$P&OOHy3`b}Un5*hke?()6+LwoIR1c$+F8Ed zWhb=$ZyE!h$OCv<1&FYz%!9OF)&COfD*vo>RkPPeEiT zEt#5>y8U~m2AXW0p2OrRG{uhT3p?lV-91wZ9X*-(N}h4|d_pRAMZMkbk|C5YYf{>N zI6m%JT{Eggr%6!7llhyGA%S1Ga&I!I{Q&mb+pg=BYimvvgdPmCa`I@j*(S zd*=p!Wa{JMuc}r?P34zGhod(BSvI`9$ue=gg+W_6E|eVXjQCj8?3FNCi^{c*Y594O zg!&#ymXNbg>Gxv8T6~`zPfzQ&J)-X?I;K@y5J3ScFIV*acpcPS6Zy6*d_%MQYC?9MMUj7={XPvHUNEV$5RA( z#6N|WR{x=yG#fj%Y=7fes#)UgzNHd%*tY|#3OWw%8HX%iKHyq@B2QnLvTCd!>I&kz zht@B(S4&R;L-^6rL_txaN*S?@#W}?-CVp;(i;t%^xFl|7S>zkPhg60lCbD1V9fP*EQi&`#E_dDbl{?1iB!D9V_ zhjBA#lQ};LT$1UD0iO27A_9=bSfS^@Zsv7LdV*yP;nG)4EPV6^#|-E59ie-1HyiiH>a7n%sTVB?Y!? z9U!TD^X1+rDbLsE2hq@6Z@E$v6AFmf8DYMAcEkMJM+dhjJM=R$;NzmL%wd5T49H_7 za@Y{z;^KaFK2!fS`AqXOG9*pfofLcj&!kjuFu!kaoddTd1pc@`(cw(}k>+vMb1P01Ggq!>tH4;{sYK;zZm4vjuh(8izA-#ofBbK%K}R3OU>TbO?~os&a~ zlpv0*-=Nr)Zi^WznQubN3=XLWKzV%JhlBa;dC0~77g>2oDY zZqHGtQlxhGB9d~{v-FPtx{6vZ_=ksLia$177l6<&uxa1bXU!=E5o!58lHV{kmc?jy z$@TG$hk;0%gr6b(F6g!KA$MzKz^WQwSNu=;X|@E&xRS+ZP0xs}Hv)Qptp;Px8W|Zm zmWPFwBHt3t=gym(>$ZX{A(wNqfK3=q7nlgFA75bnmkUt7bVTEFIMeN46~e9+56j|q zRKq+*810dQf&x$hfc?${+!P=s0ur>8_XI(r;^^w52M4?J0k=07AW))*O>Xn?bR`Q` zPu{M0k6Z0~L`K1z?%odpgdN7;pSAPjiXAiucML*>ovvjF4tIhLe(|uQH`pi+&5g?H z907ssq7>2FaSOz@w7E7~>wFgK^~r1ujAP(uQp%N?+^n(VuPbRLBb{S-a=LS(6S_0` zEWL5o>{)@n;ZLYtez4n zrQJgd1RSFqS;f;vsdseU+>FIs#dntN@Hqw!8FUBn|_jxAL;LiKv zX@4nxAF%2*?ujqmUw>cFdS&nOt`zbe+04YXs>Q>194oblf@%*SPb&1{-wZB@SsxuVLS-ZzrSp8-A9{=+y zs37~!$!loO2*UM?^Oq9&UT~^-coW13voko@ie$izO~Bnc-Mps#?n3;&vhGJON>jp$ z>F@`SMk0=%L9j9G4w5p@flDq5oD+Zuz%s^ISO7h=d$IkjG*xrgYq{D#S6$eC=A8`0 z86(^Tf?KzM&DUNyoymFWg=fN%ZBI{)>A*mfaeg> z-a!W6JL?_xt>4QIxt{s&^b~tKS81XARvzo<@4nJJpa#PGsGu`MoKo5#;&aFjZHzT8Fb@73YlS2DcaY?=knb zWk!~6U9IY{-Q&-zzZ8E9a3MDAzNW3Y4mYU~9=~{8?;DDZz)I}d4vzw@n=zd7q|OiN zquwtqozY`Yd*>92+tNxy-iGL?vyZSo;Te6ii!j%rtq4z(Pn-9Pgg*Xz9WUq^s*wI1 z@Sy@RC&5i!!Mz6OnS-z;1&=Pz>>Kb{(}wygUX&W~YxH36@tMUR6{loMYjMwXO)Wyi zr9Te$Xx~2OOq1ix(=Z(re=7B3qmU+u`Q@_Cbbm-9OFlDy3?iQ{%bRF0xfuV{oR&;3 z4QcE4{^i7=oMAO0;NZDG-72@D+O1{zK+gr3Y|H-A4`&VaX3y^663%PaZjhsU?=~>N z0%?&ndBc9~P(_x@b!nXBV8f5QT8N*}eK~D)HK+P!Yi9t*1OJ4EI&kpIZj`f~n|aL5 z4I30bFJVP@7~Pi_B#l}#B8@xf&nSjigj!Wizv7J4uNuPbPC0RrlPW=imtKwm%&M!?&O3^F_n9o2rumF*SfVOI59ic z<-cgo9@yRR%&l4*_wAsYohKc1uCJdSmH5ukgwFC=y>HSu65+P-!TK#A@%}#AaL;Dj zcN*Sc%PV;ob3F09wxg(p%Gw_5T`$`o&|)T)OIl|JBE1zTB9T4|i}*A@#WBVxG=L!>>S8l$C^ax=Qp2i}O}u zwQNw-WJ;*S>Yl$MM#tt~$9Nv!KVr+aw>gF)PHt@ARjGJ%itZmjQW;%&#`aOW{Xerkj5QZ)_%NDX2%0tm%q2ASykhg z>=+8Y;h{G?p1uy=<4l)U*LzcXcz@7jL&Vq<$r{_{GLre&!Qay1`B3Bj`qp^`lqA-r5O? zk0rZ*%s}w*z_BuE2iO&s2Xc01gSraOVf*Uup3*$ShhI~Z?EfT#O+x{~2jj^CtO{i3 zQVGMhzGov?@odven@)oQOiN2zK#u^hC#!|Fll6<1N82aK+M+Xa_6OuR> z7(7p^Rl!(kJs1&-0v#k?))F}aKqkd^edt+b*wN60Y;Ua~LV z6>=2>Q9JDxY590tqO5O9GU5LEI6R%U<4xVS7lVO|r=XD0Hijk@+|SfQ`zbO;vUBm& zipb=X!t3;$>~fcenxqqseB9@U{2dG5h<@CD1 zTsKT-n11ld2>A|?h%vsQ97K`>noQ=#U&oYC(OJBt2G8V^b_~o*WR1+9xQ%W)Ri9DY z_l+oh`y-bz|Il#zXQq4`p{`&>qM|k(3?Vh}N5qQ~zyB}$jEwUH+1c4(!=Vknkx6iG zQNCIH>7|?d(j0t%pbKz?=E?6-%&7}BSarnJ^_ncoU{>gg7wL;=!;fmecs6)mJ#jm3 z-(os9n{3n)V=Eq833ENWrXSG2?;k;8m$_{*3^7Qr7+Bb37mnr?4$kcM4cAtoz7>DX^E0)D#aFwYXxtmi zs-|h@nHsP>pO1T=zNBv<`u%I_a&?+ueR2|~SMcrmXY_wW3#+irKF(J3`lJ~tJiO;0{EgKse2kEY>aAQf}o z(xJ6r@1I>J{OhZ{M(&QNEG#d7fIsI> z!{>Nr&Ss`oA%j78>kAT|-{^uak31ai++?RbXU{sy)@@bYv z+`%5Ol7D`r46N$;5QL1xh`JX%3EBNjleaPw_HjaBZEC*xL6}Z%7Dqu-N!(1Hty3g6 z216yvp}b+y!zgF&d1T-i&bq3L)IA?l-pB#iMN)CVJghb{k^jc{W@O+;d2{}gi`qI} zpI}5dU}hW;Ca^Vxtn~FIiM{9qaOR|&m2P%;PVCz+3@k+i1Le-_ z-CfYv8nQG+n)CEbiYj09a!P8p{X%hPWb9k1dY&!i^$uD`6_5UE+z7HLX`kC96ZxW~ z%>IxpYbH;XBVrVT6}OWXk71Us@?}c=Zu=R(JEf;(9)0OYMR^G)_m`6tW1~t+4i;b7 z{5EFq(nqNV&X5`9@bt~~Li!{Ei<_vt7K*n7I^rID_aE#$WUw(SS3lOU>$$v3{^0Z^ zYu_?qYb4mk8mFscv5Aqz6!JCNjWM9I{95xf4Y{nA$P@P%b(|~}Wj`}~kj z*q5Y|WL$2sDO95oKZqvPUP~ziGY$21kz~QOhdd3bkYwag-YSunj`bfK7jYE}Yd@yH zbl)v08kz7!QJ%aen0U}pSID_tP@M84pW;^mvt4fdcZT^7!YuD(i5oHTj^QQYmCR=< zo+wiV3Y2*x(^;B2;jg{;sF9F%nw0TqG`nsRzPymz88+u7ch2MSls&HR9KPQd-JZ6v8A_j=8g zHAM-o+N;QnH9qax1Z2Y0!FkWqh6WdS+mRxM%9Ssf{JkGEER)Vz3K0Wc6 zw(i7m#pG=9<|*ZHTg8Y+5wa?*yk`qHw$W*qkdII?!QZj+(Nf{jNz!O>)g62$2<>65 z?pK<)UMkyoqV$xDEFu~udzvUfvXTa45OsG4W6lX~>j{f_Tyy@0-MN}srN#Eiy~3tZ zw8GCDHuNbeOC25;Ou1JWa3-v4ox((D9@lrTMSOpY?O%_ECn;7Bwf(d*<#HO{@4xgD zy#*qu(A7>sEL-N|6C+J^WxM@qi;@v+4cZiD!N3`TOY;Td}0;F+{pdt|NPrcoOj`7dzMqLmbz}Xo{w0jp!QE$C@lZOExxR^ z3V;USSHshjo$gdrR(Cb}@;G3_P>JuAn+%|^cz#yzA5zS#cVOgbnVOoK1i;Xs{~RlU zfnxHYKEj)*B$dz~93Q13@VNXl_6Jhg{_j;!aqXowzvysm`lP{h%C<5Fq>?$JD*rvX zFJ!(PSf~y}Yj~XZNWh*JFm5A0z9bM<0|9J9i-xM|(QauAOrWITOQ9-YAH)3{X*n5R zW%>coL$zH0MWyi|Y;RmZX%qC268`uR?$tkWLfN7t9LQxAU#dGYIF(+5s!CAx?=)Ql zQd}V0-#$7T2^34BfEp)YkN{;^K+FVXKaQILTiSpb3c#3;#mX?+0toIHTJD$u0zD;- zPDB(|SZL97D+oP>u~uR4>z(~Ft*!u6ORpRppa=p#1@Mo%q0m(Ddr%L6=(qnLwG5d0cQ#t{-1nX-Uq21Irp zJFD)lE@r!xPe3UPJfHa0xa~6#kNu|}^_wIl=3oH1grA1Ov z*=DJ1tf;OANVD?g&53+(R%RyHXcn@04?nO0NMk zZvzl30qY8|Pg~pDeF0@u5*b1?G&OY*bo=$+A(mK(wzqKHv2EtPS959A8|JQ&ShTJ-32hf;O9vd>7=ba5)F+ zVrmYO78_ka+srjIH1wS>wp%UK$xjaY@Ipn$XNAr_&DYv=+i0Ff z)nt>MW0OQN{X}5^bJe{Vm-&zl zKpkF5-JuFCz18Fi4cN7niYfyXf`PKLKh0F*_g2@?E>%@kU2AJV#ssCAFZsNl#Yo_q z!PJ4b5GLH}aq#i8N=ugt)>;3<4l(s=D%(nJOyG61FN_}_7f0qDeGe$msf6FRKAea= z%zc=?tClQr`_~k4r=P*(DgQg$KVknP6!<@%8yI0)P5*O#)DLiU|6>@y!JqU}{}Igm z_xp}||0sq0_xemk7&-L6xBh{qmGI%Hfz$8f=It*Yd#DvAm}41$8Fe=7;73}D}YCIE?=47p#wDV(a@nZ=i# z>|VZnxmI`zO6H>ez%-#pwWu(*s4#GFarF!hC$_~QbKkuIF-yen1;{XxtRul5K|_HO zV{3QU08DCe2oZQ2t(1(6cVOE6yLCrH{hUr$qeNRn%`Y3kIsNxL$%WD@P8Z=nGVeb> zEe%$r#K6HZMUBQN0qgJ2gF+gtJPY(7g)Z28H!XKvblRe0(`^Hf6W_)7U6T{jkfo2|8K53XjV(Lv9G7Vu2c^a= zWsyer$1AkV-=|J=4bUg*cK9XL+r4(xU8IsE@Wto_=-nc}dyv-KnD)m-pUu)X+o|Fh#W6&*Q9)WoUj(cC3DVNp;ESkvSea&T4CA)cMdMt6{*UWA3*Z>T+}_ zABL>yK^7B3nSc96$s)G?dbB+;YqsF{X-H6Mlb}cvo$VxNwIiozj$e`}aLOd(mcm-D%woUlD-V7EqyI zHZH=iEie5fZIBvbBg;$Kwwq__XojbK(sF*h&57C=7%TJg#5sdcE5vq)R+Eg69GDIt zSogtlxLPhwJhO0;ddvn@5JAHS_jvK8X}|9!(L=9RMGpGw0vL!1M%L6yl+#9JMmm@k zl2f03{7FQ5Dmzug^SR^z88w%-jxZf;)DT0g{1Do9#x;OrnWr^nV|%(M&f1iaK_^@s zC^H^Q7`ENV$A0y4lB&{>P`CXi{ilGAMlR!r-B$PJJ1!LSejT#z*^|FS18EJ!Ek(~P zRa^YfL7%qxkdy8u5yWg|WWUr7A4wNS9WoBup%nY_z&x5lFd-m2^IT>;os73^y_e^+@h}6~!mYPKZ=>_bcdw~tJI*&{lqozK36REuY&PDr z9**p)_DsL6dYQM?CmI;h>Bghqd2sjV1UE>oCDS}_=G~{2JO75OR^6dFa|~~MOPr3p zTpx$r#@_^~)%q=Uc{J`eqxZ*`?zJA2|4x)YMoxds@GtrhMc2i0dO(t^HC;GVh22}8 z(i;7ENxTqFYXY_YdB0+m>2V+MqBaiwyz`LY+L_FPT?{>12SKbwcQ&1!_iUnl=Kh{p zhp6c$4mAO-LrMTKDw-C@r4x*a+bfhBuk$zZy>KrK_vR%<^`cE|HoSYDO!K_*xWJNV zR_z>4v}z=7DAaDQJ!$n7rus>(d*oZ`rmO#`%y1fx-F+fjX`SeEG*)Ljw?WSn1y8!k zT;AEsLt=*A61ULpK^O(Gm}geLoQ&K2ik8{E#g<~`0{>U7F7f>^iSZ)ex73H0|vh)#7Ge#$z)$fhA4zwpsT89lxB&DsVSO zZm+iF!_-1V^er^;u>jp-I%VyH>`6`cbO<+VIx34M6R%?1erc1`QVY>)uk=*NR%~Be z5iX?B7(+}r{v^1KB!*(e)@Ow!t=KzxzL_&P@f<@tEwc3#_ws0cixZ1>>3gCTKLtEr zJ4L&*?V(40$lm5a1bq5moisR1f_bz)M1frvIk)e1&9WyDF$@ctv>z{Q{vPithQM={ zr03KSc^$}>J+y@G4@Vd2D45Jo3FO~Oj=9KA&f7$X@%L1;SoK_<==YUY-wq@k z^Qe@Kp1ic=B}aQ0xsnW)c}P=;9VF-&by^QFzx~zPLbf?BsMtoxJoM;&G`n zHz?Ao{f!?>!EBcbPch9xgA9<0M zCutDZD@HfpAjbS2a(-ykC~3-W$HtFC%CEs&8Gi=$KG+3FCsgZC5AR2p>ec@hNQRr(MH^<2}ckGX?8R9fa&isu^ZDJDUcYAvMv-pS1tmxH( z)B~p7v%tqo`q5lvj9ibSEswUVoq`I?ReZ)2zC*9jLyu;*!!Ndb^VqH)jr?BHW1I(f zXo#BLYrZGls!pXZmi(GO^^y|XAAa390I(y@3#F8{)>b6N@fs*9G&ZB}iAn4Wa>{aB z=PumO*6+v_l7TRvhH2JQ%aHU`jov!^Tein^nUwEHU{M|suwEuM$?Lz%Au1C#Oy@^1ETWoO*+Wmy?0x^s3 zm(+?j6PJy*C5<+n%iM>uSUgs`qYeTFjGudtIb9wajhVjKOvm|d*h0fc>pagtehg4|etR*yg|5jb61NFVv7p5+52L4dFTC<(QgMb+~TO=Gx3p z+6*=}K2e6=<{dxQ?eBhs6gm9l+8BInQmYL)XP*-Ma<(gVKbw4B3M5XsqN~05H>%+< zBL++^o8g9w*M-c@t6!vUG{;{swod-2be$L@?a=B)|ds|o!|FyCx`ShugZ0WjCFf#9h)Eik|6LG_=ZV`>N zk!zr}bDfXVopQgnbV7eP@i3FOILLFlo5n+4l+RUqgA_8J`mAd;%k5M}QgrUD{V+5j zPjT$+M@!>$U#Ldw^OTFASZ;~#l!;YcBG*^l(#9d~+oB|j@r{Rb44>JJ^77uj8&6*RG72J*%~34+Drzmuc|tcyv_!t znL-0MkAA)3{cZoj?AMbw$6=7u8!b<^OAnIZg9~v?P6gCY+fXisVeZK~uk@PO zyac-_t`QoZwBPR5)8ASAi5FqEu@|uRy3+1KCiFMxYwxWe0tdOW+Kury?8kmGo1PDa;xb30pj&&4(*Nh&AVC5bNocO<~C35&FMX; zK#SxkvJ0d29EQ8iOvgqg6^6#8$%OBzd6Wwr{0xR(7ipnN8SM#|^;~`0s<$j-qmF=a zsppPD#?YxUQG*MwZxccOLcC+_oI$)*vh^RR${q(?BQC?ycy##WtchrfjNG#OJrdS} zi(2H^sxlV6M{}V1MZ?$Lbe;&s9RKfvsXF>G@QK?#A8h*)B(Ntn9^V zEyH80Qnd8NWni-aJvU;+KO^K=OJt$4Fc-Y*?Nv`4(r^e0W!fs)^N zh?~(>YI&|(lE7A>AXQ-8Cn^3;*vpH$u;TjKr-k`y_OrHXMHJV&@Y5|$9CU?f$g{kX z%(2n1xfpk&FKn(00|S4R*B2vA*J`%P4&0$cHtg1 z-U|Ko3TGKCSik+NZVTlreM7{Jz6}|c=?6f@nC4sLY>BuOOw#f_|zlx(d$-^u?$q7`4a7`TD-v%*DGJ7}N>h3$n$4BGM znmP4zfuZ*hN8F8H7oHUAmY}kz+96fg->1q}IDUz^Jfz4olOJX@e6U+T`AGb>o2a(( z>YvHOVaHbMX?5MXTw&j7Jd}%Ju+NnQzj=?ieo?)bSQmmCU%c%5sD3;;Ts`SYnCP8M zs&V-ti@z!$NaJ_J_>a|0mK&lC_z>MKI7O66I^R3z>w1T6i2B`1jzjB}T!@>pDm8(ycX`H)3-;w`(?`Cw2DvIXO}QcARZJOb zaGlG6V^IOM-Ih`5t%i}4Q7YB#U!Pmunij_3M@V%lZ4MK;RlVY;+7Aejv;hV2`<0Xz z)RMx#LdM=Aro43f%Xg1Eb=Mt>jHqHe=EnN43eQ$i_O>rbN`A`Q9MEF_;!|v~%%va4 zU-~F&N|ejnEHpuIoE{~#8waDtqUKt@$UT))moS66NyQ{QiKG6~^x)ekAt}d&`e&Zz zt6w@_*BQ^EVf&pBf!npr;;0u+oR&I2oJ0&VYjE$v5vxs#t?|GhI^O>7!Opz%wKx8Y zuc4jmsc%BoS_GQ=>5O#HAxAuTx34Yq^#{tfUF43Y@w}J#LJ+*;Yam5c&yAWGz87;j zhwc*#pW$y6|N5jQR$HT^P3vktr>d&Jz2 zuZIPWp{K;QeP$TZ)<>p}aYD~TZ4HN&tMUt9qojT|{JgXn6HCcduP#2ch}YPm*zwej zOay6b)qisNI0To)U+}RUM{8hXY%*;qd>E7s^{msjn7s1m)U}EiG$)8q`8W#4v9Low zZ~N*JQvR(}MW7qU0-eBJ=Y|oN@m=1x-2BkIyfN~QzJ5x!T9ek1jD@pwmju3(Aj0kl zkMG;H*9JA1Ph%96AIZN5`Vt!u=+9h^d!N~)xo=nIaouLdB^1(BVY@d}o?YYI$R#~v5! zM!w%v7HX@;CvudM?6$SlO;XSMXlhwKAFZ73rv)YW54WU; z1C;B#%fGKna9c26y(^)^{4yuoc5z;}ErFv~u$y~0P+U&vLftBpoz~>j^5=vvAl2tK)E=IwU-R{q5*kcfKK1tS6W=5+-@W?>pJ!1Uu zn}MkTQCBaJmnv5O7X|Wj3b4V0Z9HXv!c}A;Cir1r)N==@-z1t#t zFFi(?a!wvRsGBURC7K(T?QgviynttK?O2o_X~qIoubCJ1FO0LON<=E&H=$x{3X
    R6E$ZtV>Y3^D1CC{-)Tzide}>@@QTA$x2s4Q)PcK)z*NX4j`? z7b>l!mHuwcj&sTQ=TjxJ20p=9%lfGnKZLtQAeg;LR*k`HtNdsDZvof&?&sgb-X*51 z6mN#)Kf{b?Mo{I1UtOK&IyyCeZE+&>dPa4WZP%p6|6*g%tm#QvGUSI_{B-$Vpl(%u zrs5?RBXw~7TQKN6QjXwf3Ju% zN}D|&{^F6KFYt@W69Mue#MQw~WrsP==*&Qd^40~UyW)fgJu*ojIots2ZWMX3>tag8 zLR73b-&n$nw1*Se=l<$-S*=8$X`E3J$6WmRN<{0~k z7p+%Vr1Mw9_owcBgN2d`TR8^dOIb;mmiU%hVaKb#1Jw9d)q<4LkogftAU636Vx-dI zGzp#f!Gk?ho&yn56Rz6Fq__9JgNI9We3eJOxl=pC;;T!>BiS6+`nV}%IS-4o71as9 z+=#9Ivd^7`oDX-g{tk>LS@!Vv%(;2~SEyxl5^}d_k~N3FFt zog=Gk&|gLxJE?Psrhuhcnu%omCene7+z{Wny@JmK_x1Dd@DUGZgb!5nI`ge$C324m z#~&IwJO?iG*<;kgjPJi2%i?Zbcm$C(%R_Fk`!=K4?konyLn?z_xgJvu47RoOXL)K~ zGt}fENpE-?0OjXRNLr3?$t==hT*v8Yqd)`|!-Vl?48Ry#I=wrVvl%w)wIqJKlk=#$TKUYkbZ{_j>?*F+f`y8tFQGdw|Tz z(Ivk7{JP_k{Nql|R{c|2+G1{rqDFs^^jA^A7Fnp}t?vDC$?qZM=?f?Lavr+{q13CB zpxjZK1nmyF2NAKYZzsbicokYD?50KqZfk00#@2X9qg`T|Gf^zBr4_14{~M@E!$dak z^9zpWZf4yQbX|sgkPEc*=aD3YMPdj9m=YiC8b(|~*zji8qJjNn;nqIck+Ac<=p z8bkR%7l1p#u7mwK(Cc`f_J8>dJ8X+eN`Ca8^Z)(x-2(^w=Kp-{-@^;-KM{EUxy^qs zd-`peNEG6C!M_Y7Q(QEj|9g_~M`C_26f5J+amYK^E!up2BQx5dSVFe&Z_r&YpEx@^ z|L?Ve06t)w3~HnkB?ZFuI5;U~)s%>O?Be}4G?kJpe|M)=>? z`lpF58TFsa{%_m;bG9x3yu!b2`9D{;@r5L`qW|AK;-YZS$2ei2m*sbYzurf3P_c(K zb^v$s5$GcK#8RnS>NscGz)>t%C zz`%yz@I@>6_FQHQYJ8yQwc8J!^|rGx=(pM;2_}^xHIQU-%euiZqnLGRXnOPhH{=J8b%4iE5Rl(-VN(ldTQ?`61>0p zNi2HC{8{ghAD^C1&A6~wM*r*-dsyozxZe>-rk7hFS;?T=gV4fL=Z|2NlZuCI7!DPi zw3KV9zhnLpk&PdSCSCY`;lq&iUcWIi^wTuZD~vMhEwvhJq|3hREbxuQ6Yznu+=%-B zi175q+wHGz(pgJy=u1m4$$Pw0|J;1i@ZK7GNem0lp1RLQb6VOf4&&qJ54xrSP1QGK z)d@;nhoL(>CnmH|c*>a7j}~k45UQAkFFOL)Vka@vSu=!jFHQ>YF8)${!Z2mGPw1z= zw`+)$A@qND0WGpgD<-2SG|M$OC?JiYVwhgS|8;d24{0PrIj`@#Ii4;{CbY8D@^yWk z-1}BS&mdr|%8lm?t123C&(njY`?V7Pq51uG#vtWd56_BZIg3uYwTgRkuvn3nBKdH77H}tj@yz0>jrNy?YZ_5 zq8D_gPt26&`#Gvh1-)sW;I||?;W61-R1H21Zs)0D!6qA2bkiDDM$k47>Fe5pydtPKU^Lo(f7C*{suX7REaxj!yOi*PEx4BA+a0zt3_aVAqoC?M4Z` z4>P>02;_4*NFd8yE;D7Wp!3Lc;2@)#j1)QWDQ6!{7GdcoVY3jb`A$jgbNz|*_yv;k zz;lx8OIFJb+E(e>hah(iB54tf?pX*Eg2wJ^YEKhgHwCI%VX*thaox4{=E^%UQMEl4 z8lQ(y)&+lz2a^zjVk4~D3E^_ynw z(woh0;J?2Q{R^<+h<}V zjw5_Zn`9%2azK!PgkPz4A9u?A#0`c4qltmKeI4j6c7na?V2)r?Aj8 z82HGAiOAsM9)8+ZLgv*kF%wbD<)G-Ia^7^)&#^aInQ4M88>LS#H{-$TMtvjgG(n3k zVwynO%v!zPxDZ{5A6-@*YT`2(?TN7_B-w*l5{;)(oMu`qOuU}nEfdH1ArJck?gJXc zm?AfPpo`sDC5so`@q(jsM{|-N^1RZk|Fgqs4hb}ciU|8>{hoiRG*SRF#osTJBPwy@ z#pQOmc7f-|yP~gue{2s7AMEh)Q)%L#!c;oL3!|k99Bbd`=+JB%biujTNHHq>;2MP*T#$_Z^Ee|vkpODYZ>jQd=&!*;1_e`w_flGjb1R)LPI{Q+}MQ8_PXmdx<)##ymsJYo=I33 zQ6Uy-E;d6_t8Z--A&!a<*B4F_)u)?0WWR&rqI-C_&k4x(Vy8QBlYV3I*s&d<>hzTH zD*cRrNH+eA`5c?^a?bfr2vQHjB$(yJBM@8s32Q*m-l?{cmM zR-`$ok(1LuRAxrmVVOzrNOi4@U8bG@W{l~>bOeJ}5R`g073Rc;y!Jnqej#NdO_yY1G;r^(dE2tjCv#QuuBS2; z^IWH6=V3p#D?p^sYfeKP@zc?RN16LzLQDR>hFNKK=HW5Fg(}oP(~?RE#kQSUoch>t#Hp+>z)O)^U5V``8QY|Xucf~6oJuEh0)RHvN<rrI6_Z|1fSo!_>FA0yWo=Eev`b%V$_p*Uf&j>YB(_S3yznR9X%!b75VC` z*GDApU0Jvi#=Bc$dmA+}gLW~$RzTb}sAm;c#AB)Q*z>a`*WJeO*JT9XkLI?ZYg%SN z+?MpD5}o{(mltwHt>YzLNWUjnSde<8x=N!YaWE!9(Wr@lt3yce`ilB@;x&3Y*s4PSz+(>UZkSr3!Hv>hSO;WZD9?Id(Wk~0A zMWOLcEIWcz^UZbeN<2ymWAHta*qxbuY;vW0^U4ejP0E|!rT5otit56J8YuoLY&mH= zywbM|kD^8uWdOax&Y}r2W*25I8Dx^omwh2vxe4XOuDJkpgE#DKxiiH)`Rb^KEjr@P zn8Nf1CRgY5k+IoE8sc4jf1Nf7&ij$Ir7-@=*PXn^_=Ix>WW{~#{ajpz`4E3XzBP+T z4v@@un~|;A6aI5O30=wa!QZ&#*e_)g-B$e25{~z_GE$^6RsmfCCKJl4%J8Sr4@uwP zXR!F&m6pm67_Ye_X8YR|T1ox(XIaI*aQ||WQi-Z61XnU-AM9XBR4k-1;#C}A#WQ(?J$b=`4?WeDLZvJz=Hv?_K6X^$6mW%^gwyA>P3V+J^Ha5rm($nft`!O2WL|L-DfK5E@2RS%Foo_9Eq-^9%H8dn1wD*& zHr>H~)#UnNSoIn&hGG>@p*AD$py-)Hv0FJ6Nc6JN#|L6nmroOI2#&NF-rsin$q4f6 zOYEbyr{G3rUwX~+|7bHexUN?mmJ;JjJ&Ybj+w-~}M_vh4$R|1@uM%|hK@Hog9e;`^ zjq+npx_GHlcxMJXJE`AITMe(+^!Ny5t>TK|4Xh~}oaD_ugkpS(p86oA=&S|nKO9fc zJo%{R;bEF+_ryvWBq8>;HI6~Gg)~+ez|~iGjYUm?*)rG`S{o_4&rABRrdWydyIa;t zXBz?xoV1?wX=_oI8HP){HY=;&Bc^~(Of8QR*!S>mwdpCk{E`<|EWu{jhr@`Y`D1Dq zliutW*&9OcJzSmZDx(o~>DIiJhbH4x&yAN0swc6z6O%spyp2}-q*O{6hyvL>T> z(5!wsZ`VEzdWg9!@4_~Y?Em-><8xIh^z075SgKKs(QS3B=wMNBrIt0`_I^;j*a(d; zrb*={Q(Wz$d>==+S=PPrIK0Q@RW@*)hiM^r_GzBtWSCnExatD5p$SzSUrwA_e2b&% z2BG`D=g-c0%mHnVqWZ>-cjPk>Dnl-#S8KtRiGBG=;}mOsTMPiyI>S)dYUZ! z2X&DSpsxidY3cVn*YmFj;X9gYG20B6#N*lwcie;M?Y?rlqfMAh_R_sE6FF#8@S;t0 z&BPagT%jA`Zs1KV**m(luqCYawQ9&}ty8A13qhIUbQ99>WPlx4nKcx~%`V1Y8NYC} z-1jZ2C|g-J!02=4^H7y8-dZNdK*h1Jd7%t-{dv#mbVGSJH!m?&5rt!AZADF3`&F(R zc?1uoSAxz^f{tfdp|i^m`Q48AbvjsP?)?eIkL4!$wB8GP3U+q6MoMDcd%ZN)U>y^u}__ z*pB^vlD@2Ww$tx`18XhubU?dFsl2|?&TNJ16?n%^6az46-z`BC@i`P@{3htH2T7wPEKbvrGsos$q z9wSdm(k-OBOVt3~Ph$RjV z_q~#b=}h*{)gjJu#+AmD;RxH!yQkJRa<4YaWRcAyz&0n_YA!U%iBN%>~Go0}gpgBdAEImf#O}aV{X>U*9M)DzEl#P*yf!yMj z3sEY~ReV@1&W`i5e~m!hEEXECy@;O~M|w6YJgOyX@2>>G=f~QS@&{ z>qXoz7*i$=$w}`@c9p2w=CVbR=aq9h);&I;(Vb&?f$_DGygwlrGsGasm!UtkT#9Du)#O9q(`a`2wn=u~Dfbv|IUx9qq^OnD)bfvXb$ z)(oDE;ZGpx*D0^0(sw1&WTafnCVXQrL!;a~ z8?v}gF0skRkjN~h>{i4@j59+Z=~kr!q-87Hq;cDEyr?- z0*c2qXQql#cx@Wi{>MuU`2u>A9FeUeU46L2xrzh-qKn8w&|DBGvjnKmoAJLcct4!w z-uBv?8t`R*_wfaZP*=`o0|h}yvjd$j^TPg#c$qVfnWbHM+qzwEW(fyXX1$HFQ&`lf z(5Y(Y%aq=L6gsG6J`4aA;u z5c|Z#v*ur4!CgTNO4yx$C^p6oyXxe{9hH_1j{^vb*^HL)ZWF>>SuAt5R66Mt3b(Px zDA%DhX4(j?M3{A{&fSz2i>J%Z&z=?Lp*gG_aiZjxNG+Lk@&VXQb1l3dJfBLHRkef! z5G-T4a}d5RFRTs6z66&$bSLJ^);vz{L)840rJsv}jZ^4jr4P9|;4VZaCwIiNv4OET zMjo0}<$2Ve8H;m8(_UEsTebsAWmgt`tm3YW$R*`{IWs6BBuN#mLY3F zyfgzrgHHM;&w11cz0-7nx3pXlN9oz(O0(u8xf5Rm*!LX0;1XnQM;yKWj_O3sUl?Vt z)uYRRl1Jr5uT3_VYd8jFOBZLw$js;Mnf67V@8t~o0lL(huGXPPY}PZCqwrKtcS`Nl ztgCXBpRJV5CSw%r*y8O2?wGTQOpl@a9e18w&>57;{+XKe9lSm5%OEtD(4!Nd{=8%= z6F3^9S=T7Dr|(h*H+Gzu>+Djx1AjKxhfllp`2_7{Y<@Ooj!D2~bo{w8`qKIGEAAF7 zdn5w8TKS8z9RtH$jBGK=8Wll0&{Huew_YF6^$t-xU2W2~DSaT*222pniY|&|Q>MtV)&IS7hf~8_AKtt?bW`1| zl$>&ww+Ypg4wdDN2#|#5ypk=w5XKz1yLQ@_I^nK}e8-3sHt0IM+y{Gl^x(IXr9g8( zf<+I*OK;gqznRCHA+y3#w>*E!$*f3xr>jGbb`;F?y1Mivk-Sl`9BWQ-@~D`?<#_dZ z%}?yD97&TlchhomY-g(%lY_1y#7xerlb7;hr`zA_F#K2Q78SGFrK={DTpxNr&_(T* zZKc|FlZ+G{RM>RUEAQAHC{_**hH$dVi{NWv7y78xzXj9+k)gbGH5b_d8=u zG?;8pT|6qccld({Y7BqiwwlW@AAP2ctwj>}z9lYxjeg9lmuH8q9=1K&kv$MP*t>vf zT7r(c+6;d*i2noqo`AQuUn5aH;JHeYq1w@#e8`tDJe+q8DTse#JgJ#2cVzuzL*4qQ zDiGy$(Wr4grn-4tSSGPmKW7`ReQ1=w)7Y+rF~@a%5;KSJI;{2yt#j-pTSPC>G02X3 z5#YtPqVw!aAI-_+?tyo{Y(dsfonF#*)8RI+EVmSKOMleZ+{9crt~`~bIhXGBbXvL7 znJrPvg$y@8zxpaqVPpkyvbtsvplskytYl`Fb~2T0zn_9x#59@El^oqac2c#CwQeOc zGnhoJ*}b!ZDOfd}dDJ7z`4)Q|Q54!!)v5)&-I#yXF;j0p`7veNA=90gd)OKem&7hs zJl}%scN`e1%jjFwH?`?kh8!$+cBXQ+lILcBNEP3x7%I8d{j?O;XKCkK``I-MKGpU? zaNarw+UT}$xzHJ?<^<7$cv(KoVY>qzORm=@@k-Wj(SqNa+}R0fJ}`q=dMrb*%OT%n&~`=+q~2?gO3~ zQ@uWj9wADQYP!#C@51=Th~10F(Ylh1qd)v2-!Z~{GAc|BZr*gL^wY5qMf#?Mb$IBW zs(t$dEm#$O_G+IP{I3u&JOexgP!5zBctUWw9KLyX=QeB0JmLW;^YV_NYic@n&AN?Gz*UaGPo8D{YUh6L5$ql&Ay{<>kND+>h7D5`$^(L{e zN*}E^pr$;B+6qi7yreFCfkFV_KZ=az>rtw8&;KYg)qc_V;eW%YFRP9PL@WNw$Zzy# z9KI%Y%j;`P#C;HVupR1|zQWsj(OX|q>Q68u9046pCd~8cCT-TOV_k6BwzDHX7h1CD zRX_m;I4OT>zW!Gi%owg5eAPS0lnLP`R z3P`R4#jhLSrXMwsCK%YYQwN>iJ$qjjkF@-BG$~?eJJ7g)84IAG7@Z^n7Tm$hw|6p8 zj+>NpfHvjFU@V=dQY$ue#wESY5H?%|`-KN{+Py4Tt_h2596CXYhHq%_j{?Pnq5|5& z#z+X=CT`>PLs?GJNquo`(bYqag-)B}H#>IYb zj2Miv!IqAinpC{20X5413IX(gcMnvyyA@%hvtkWK9~Cdn1VsVwKQ~rJTe3gnXw~;! zZM*KLI)sRTyuDR@3TbO3Q|N4lLky9!r)P35-a{rK6Uo!>TJ0^~OCq}q5*mq`_cZ-lG$DXbT42TEfL#&&s}sgy=bAnof{A+6-jH?|t3K|EJ9 z=}ZY#Ka|ukhfu!Qnucq^HDUe=_DmNE;R$2M%coN0ZJa0JuLxeBX(K>>0!YCL*z;19 z1}PHGa@3vX^XFsK#y` zSbS{C;}kB&`2+9d36l2>&VIqAy|gWAzHK%4Do{&CL|0&Kf2y18yYVqSZsfdJ!ov;$ zGmnqb&;BYz)P*&1vDg5X@LIR*7i4K;gwnBa_&6x2*0BopF3YIajqq8I40~-}`D&Q) zAn{Y^f`Gs{tcINDR_SK0B&uPw)9nwZprnhEpAXqe7n~t4x$T=XUI*DH&R}_L%#SSz zG0S9nMI2+^1fTI;ue!?hg8B|D@Vo^L`56Bdrygnbzg!Cx9#G-z(VLMhA%on1&0!{c zc(`xy&WfYwI|jyrnmjBJGD;FndV%(bJJ~OdfR;9J4~8-r!wL!YV0sz2rhUEMi(lY+ z{XSl1G{s`+bXnRjP>g!V>6GD34A)EuUXVU%Qg0QADlpmze>Oy5DqVCGe+sL+g#{t36H{gHbjza zYxRlBE&h&`J^V#y*RU2NlfFoQ_fW=qnwrWfWm=5+`yNVCu{fp1kwX<1qE+>*mhhmE=d!?GV&tkeJ$z>+(@##R9So;rAa8FPNi^OvJABnBp{W(U8`J-L0-@w}H(!o9 zNR2Fp*^m@QgNLu!@9dJ2BC535Dem5X7uyRnX8fAF>r=3KlwYH{(b>ynM#-}%z?qiG9i#mBOcY7!(0-+fsTjkR76 zJ(Z(It_!ZIGZG-ACm0N30jfb|IABE~)EM;orx)Qm_p-RBS3d^_t5&q$f zq{%7r)1cJdXrGR7qTy|Z;%QNieiwWcf1}13O8!XrXieA0 zapr+ML4MapZUPDmPY?NKx}M#2iP`%FS!lf4UvBO!)L+aQO@%J!#4@a=`Hf4UyHi;s zAJU=+M>|g(PeU7vnT9-|#XFURtQ7Fyb(L6`gyGpwSaN|yAwY4;>2NQX+A^%QE{=%J zP_={{`87txxvil*AK_|>k-3zzC)d*uRz?X@vfCiDy)_a z`}fb|Ns=f6iJSG{KW>sgZ}D-o?&H&M-)bXRu0Q)Zc{6ai&8fzMYh2obi&*|6S@(Jd zul#(S$sDO^qm#LW^l8}$B+}#G(ovhbtk||YuZA9oK&4$(k2z7Cjb-- z^IB~*bbofCCDQy=0>uF89qh}=bwT*_1Rd_v0hgBnw9w(kYXl_I0;kHfw|nGg7d1m)e}j6w@`XwEQ*Ff4#jx4R9-mwOYH|Pv~+EL7#C`Z zOBPg|VLzk6-N?~mse`SCew!Ia2qk@qJ%3)qwIJd>IW8$$b1zmNVz7R4BH_{AYKE%|R{Wa_aJ3Z9TTgvr- z^BUg9JcXWQcXnoFk#`E^4gm-x94@1--4sm-+a!qG& zi%VsonVETs?RC^b4>qKUEH10+GmyLNyxAaf)+%^$uyq*fuVwDeWHmCaCUF{4?k^;^ zK-m6=UQKkJlte%*N`e5=jhEb-H0(*9ySuov6@r@SeJjj{4SA9epSaPx51i1g<0j=1&&+9~!ZI$on!QwW?UU*n8&uCU88bRz=bNlJr`Z z=`V}VdDys{)M8gNU|4spD(3;3!c4VHMiGT*a>ko*o`FFZW?ZKE+KA&=hgkN`EJrfK zB`Xmk-0MxKV6K%TTM^i1X6@{2pTMDB8GES>S^0Je+5k?XQoB&5wyai~)S3=C%0*3w zA6iQ15rfV%@(YUj*CaIm#bR$d;AbfkL>PqEz}69+v)n&e5F%{e*f5H2*K%)FO|l~W zXZv#{+5kMfd}fs;ZPWh05sqi$wD2_AFFjMo*Dpfe!Ao9~v<;n4`+#E1MSb6P@h`o- z>|FV0OPu%n;Soz4KdDn?Hut?QOIZDOeofwWTQ!~-`{AJ@E{rX8qf>q}F;7Tvjc)P^ zQNF##iOB$7&z(`=En^Ar=;@ATfqrvVC~XaVD92jiy|hy$F-sKW9>vWpiaqhO-GrU6 zmZJemr|<$WEqKjMLbq8iB=TvRzoo@AuI|}iZxBsC4ALxf7d17*C12YQ@s6k2Kl+y^ zn`T~W4yFShMB|F!Iv`)J@JMbn$F^L%R?#&slZhEFYDTAD{ek5v zW@Tt6XJ>hZg^L$m)h?}`%vZpp@>HB|JOn1Ft^m(lLMC20{t&9 z)cJp*Si3f0ykh9@}!nRB(m+%nCgmk01JpJikvF$7qotvhEHlE9T__q z&HQ=?0w-{bwg=1F=f|!P%%d^af}qy@JP1-rIr~CEL0Qq$GZsF7!lDj z&Q!pw!AXBLhh*1`YDS`=cYpQg<*w);@IZ&XusoG+#3h`6dUa=$wS*!k7pLiGrAiGeCr4C1v`~?$Sz$LF^JxpwXciiD zLJQN=L7fv5t2viir2>%?Bd=f?WGZ@brm!|rLIhurKbJIJH6B7dB^9OwJa&5vcUy+k zU!6^G7$#Ddzs;X=A>AqCYNT|osc-FwVzjn9u1V$uS)KVQNnA^BkDo10|ATOxu(|@m zQ_?+cz;cVg2sm6v|66X_>LA?(y3M+1mX^_#kdBxN^TZR(^@V7-N8IEUB)hbE>{74} z{}jr@2mLFjXKsC^|N8P8LezX8a}*GT59x7OynxXg^u+<4Q+MkIXZ(f%H@D%r1trQc zBcmr9@Q4MpfDN-$AVxEv`cWG5*8&nYB+D0h{T8t{)xEVX!1F_iBKHj9J10rN$a)MH zIaeBv*nBNXAR;mp=9-@MW)l@^ZQ4z(@7PKZ`+5=b%Pe#gUfkj*9{QqJ>UdS-PPA0n zc*3&c&u5oIHu&+gPk75ELlQ#5(dKO{85VMs-nMkS$}SON#i>>1~Iw?W=l~4d-~m{q!KQgoGsaDBfEk=@F4am&VTMhF4D!+N$fM?|6AB z1~(WhIXCtdLaypq_KCxvAW|p)WUG5f<33WKXu0DmY3@RPtsZPYeHXoW$z7iZ2Is@G`~OL$Q>Z! zb%bt;gMepjeZW(Hyu+`{qOlyt;+dSUb8~M0yom_8Uddk?e7qS|X~dt(PUly8xRFcb zGQ|CqUp+=?s=M!8zuNVK#H{^tooj?B$kERj$WAs)Ws3)4^FM|+3^-r2ay<^0=Q-k)uvx zhKyR*`w<;3JYB-qe@v>`Z6(+Ibp~~DSpoe_ggD!YQ6T@9YYr3l_itySu)o&1g2x2d%2SFbR>=cZZdm5zkE2Baitr=3{V;#TxxN3CUJ1 zzhnK|7~NQE%~<*c1Od&7^p>;u%GywU_mMc?nRg~uxi8@puv zH&rpkPxsL<&+$2%yCmDPsZg)M)P<;~VirlyiFgUxP=)aAqT1X}Mo2kzPdq%hPpRe* zW9Lw~tE~4~-mca~#{Qe=qOSJ|DVV5C3L+JCHF_rx;i9Cg=vk8(q$E6=R)}>NP8T-f8 zT}Ix~$?8F#I0bRGF8%QxE(MU1NqiFg??e*R()O^yVyC9mmN@& z-WhVnsbcK;^GR#Jk#}u%AWSFH`}JooE7^Dh|Iv8|S|S-p9j|rtBSmIZA!8ElNNHp1 z%FGXrLDZO6Y9iimlEf~nk)7b&uuG5sF*fnqiG`OJeD6-v7(1ty4HYfl_8^ zLfh^D`7-Pzpu>vUU-z!nbmptAg1LMW$XW%Pf!^~?b3}D4`LAuR6m;U;evQ*bGpiI!t=X`1d87)8I5%F=_#$D?i94 z&VvO+=>9>As0LH@&oSW9(srh6VHaE>rl10_EaJqF_AgJ-0%`L@8$`Ga~ zEIF)EJwen>Ax=XJmCz1z_eliy7Ij;-*%Jd~-cv9TN7T-tnLw9)=TjK+s5M+^%{;?T z7!DYnr@m$vL%a$JFoC%mk*@(hgf0nrj+}yaU>YaysjmJ4=f##x zg++WoQ|8aVsNFh2+Ej7zWx7~?pI{_FPoYKL)n`Cy@8B6#X?YHD$&!$rErVY&m~opp zUP+xaH8IhltbmUV;yyPz96k9Kb-~)H!RqDWz)xsT*jw1+&JL8gc5#gO&=895?n??o zPw2n`2NkeYxIuCQ=(CBIW7`uaOJ%*c7VJs8SrQh)4J#U3)jdqlRzjW&EA1c>t)OMNL; zlb7G{m|!+T_cn+*a*&$v&8U#F*Wy`tx97`;_$&p5y|%p^G6*Wm8eAnQG?I(e%*9Pt z)?a8tpwqw@?XIfcZGQP+arZ%LHOZrNOq~w!`QUJr%SPVNmVl8$gc$9&lAX-Bx*UBIpRH%^Cg^LUL%^Elh{QQyr9Q&29UGzB7)b*H9pb_sqxWHe zb$va&Aw3*RxwrBX9Se)Ynk4@buhvEF`?S+~4}2YnZmpTDjW^>(>U0YKNWnAsVET=w z(SN)Ej2|4w{lB||$VI$AtosdIaLP@n>6Zn|-;l*y8!@p#C^%lVzdc1Qlw5yJ&vHp3 z*hAe&D1Uu+O~w~E=Qr%~rtffvGx%){LlN@p{UA2N+mL2Id+X;#;pD^})@TD~G{cxP zgRG_a52WTm;d~J$*ITusPBZ}l56>*08~;>{xBQ_LpaMJH!e|cQ8ggIo=5l6>+u8zS zYy|XavWLNl=WsldZZju|(xmlfAn#@MKUJR~8U9p&g?mjngz&`|S4F z!%cVgx&9XU66HPicHD&Q4x_F0=NIr~48Cy&ey+O+>=AJSB=%vk?PL#LzKpb{L53R+ zimIV_j51mAslN$~YY!eqDW5iO=8a85xon+d?!6Mj>rdIZFD-5hwpQjG|8N7&dCj&o zgXl0dV_a~Zyc(#}n|Trb?ft86RqzPJi%xi_8SmVB?!=tB8(z#VQ?NOEzYLjq9k{fK z9~{{HEAGT*?hG7?yGLqpqpI4$3nBYgngO_u_?yaRXZ?M)t8dPdTJugFlAXGy>USKn6Y;pc1-T_|qhzLvImQKDE4Q$1?*=w#ezhd6t6=d&N$x9p!&Xb@k$=N(ZtA~Mp?Rw#{C%6m* z1a5O8c}L73Of$au_g{Ph?2kB?lR4j3gEMej{UbnLpy{lVpxitkV z)Y~qxImv1HzO@9k#2qISwp^!#|eYQ&v*oDHY{>xlggA7&;|bm?NZUKr?%YVE7dOdr9mi#bk` z88Tazfjn=p1!%W2k@3vflCB1cK6UhJaXTi9qO;(k*#`F zAv=>CUul2qt(W4qZh+vaW3J~xAhC2BeC~JNNYY$^0IwHz4_T3_>GvD*zR+kk6}68~ zR@*S&I3Pv86edje2hDglhRj5tGWi9$u)4ePXs|D>qfgj!Tv}04P^95oRYj+vp)q;& z8kW4?7?lcao;|SRG%_+uNJ_drlU0sfUYcI&9~k)hwBQww<6MW{+V6>cj{BL z52E~T8zaDkLB%?MmL>li-hSJUnc4x!=|l2h%L*$G+=-oIv~B&{F&rtmb#dfrgiqMQ zb#GNhjr^!RUESkBEq<~>3nN(wIa1xn;RdQ1XfgYs+< z-cc#T-N)sFTZUh!jjYywHnn>6ZxDm2vya1A_Gs{@M<-vJY(%gB;g!!m=GEErFFWMn z?}K3IX_bUN$5=dulF}Ir*eo;X!>O@igBVj?sf<;)dX3`t{V=RWJJL%Gx9~msYuw(~0m924YTfIfQwx`TDFVi21e*1xqWhBv zCRc;0Z7P4#Mm2SuZL~%r35mM=tm2Pnj;9*u_^w`SYsr~S00&-6KWw^@hrRKyhrJmF zn16#QcIK@D7MnZXG%(6eq-5Vxnie8S=_B_;LUHOpcwuLZXX?#uJwL#=;I;-(>djm{ zSB2o6&ZQ`ib~s{P=e-XaTMeGkIj6?E$bRvl2J=ly?jz(>pG@30($5p$t!%33d_Uo! z!#yb390z}6 zhM-B8eYkCYTG1z_7TG?q6m0vT@n8(=e9|Jg(5di>a)uX_5lWBT~+1NPJJ@an;(MQ|5E zE7+C_zXOcu0k5xbGW@mJ<$E}}P7lysPh=bzljj&p&DEd6X@j{Bf&LNL?5)l(!$qeb zP)Pq8*~Z{0^`*Y+4SoNRU{8aObfX_>j}-}ZziV88Be+@FqhRVC@ki>80E6f z&-RiU!<(EG##1prSXZ4qz~xqnkR}@`@H~2-z%ATEufs2)qAdk`Q7dR1&80D2>%W<= z(V6fv1Qk7{&^G|-!_%6dJj@OmDGvsR%(!^OB!j}rBZ4$pid2JeRl40W60NDL*^FUg zMEhm(I;ppR-Vrg>Z+8OXgfWQZm2kBS-KgYGwgTQ+WyHq-=UUZ$0&-66Xc$DLQ&;q| z0tbOitbB7`?lpb;pAgPeuO!8G!|LGgZ|usB*(Lg%O~I&%r!D0C#s@v>2J)SJ~~#9^Uwc*@?7w91p$<@^%+gXwdk}V53yY+f@3|*SiZS zQjmXBM86ScLE3@qSOQ`~*XSWF$m^=9*Qixze=ikK$*_4t@ppgS*mPe~bEZb!57y1& zMzA;L+ z!tn~^k!|SGC3j+-)YsPh{An!+#ihcj*x?VFyD#o{k{jD_@Ru9?y6T0=8XAu#X30Y_ zHHq24x=sLSk)e^m`&dV)WBN>kQuA5TwTa`~WpH*N_Z3@WM7K-Ce$vBAIp94mn*i$S zN-2dd7~ZDWjYb>66~%%V{c$L4Ec1=}rY9H$6jTlNE=NH4aQw1aqRlk`4U%4g%Ms4C z@X`F9%4=tI6r@QV*1&KOPWAHLb;q?J%?Q8nDwy}rVF>?+FoGo~@{VpLWD^fXwG}S6 zhzE{4{sur0H^Rc#B)R+M&fKs4wVzq(Z%*vbZ}N^zKB}6e1cdIdk4ETTJ|DP%(&_rq z$wdfdimh>j-xgWID(o0@%htJGi2&*#6X*bS_9|8x;Ec4rn;9l~_%#7yN{nx?Ea7S%t5?4OWo zb7~vEqK0$nZ6Z`Jmd!C=N?9HQ#(M%-q4U8E!TXp$yS4V3gc0m+wa%7s>|*i zl7f{MS?e7v&B9sudY2y_c+$xRqp@K;GfhNeuKBHU1ew#`&>AK-dlV7FHNS_6>sRk_ z{2DJ9fO`sZ=1L|z4sM5PQ?s8VH+0Q{%44=f!Y zRh0&<8eCLfbBz`Ah_1Y-9`2YpQd*?vYGX#cexix*2KS~uFmau@iq zUp3_l#Bz0LUq?Cj295<_IVWK?T;PPzwW`N ziMbZ67f=QL-7wjud#~p|r;j)Hr-$C8WygY2x@;K9=$$%!L z4h)spNDy?w)!NcXY2)P&v9Oki^5z$jym|s%HG;OY(1(V;v?3Vv2Ardj<)F)d9A@aHKQ`D@E+~2wURg}p@+GsuGU_6pgpGb)j|q3&GRsM%&h+oe)(hAbxHuQ8RZ- zc-X)h;x{Dv1Hb{hk_RSTY^AI1#05X#DAxV8bbUukUw@9%mMJkL1Qpxlb22lRS4G@F@JoT@|?W9;tE_Y5K!TX!8%*))}dVMT3o;aIJPH?hg$j z#@gnYwp7`D+lEUFkbe+K^n1BHG!u^ur{gTHff~0+zlY$6eh$lO>h`I5 z;z$B`zlaeNk|mK;3f)>KRvqpoiq)N;`b9COV$S!vG7tj+1SeXc$Z##J4a{Cqw8q~r zvDJ;m$G0qz-02c1X2g4cfBq{2YKR^%&^XEJ5e3>%aQEj!?ZpMf`k~w;O~=3{4CE-r8t2Id3AkbLlDxU z)EwKOCaUhYP1lEKw6soTVhD`Qy#cn`^-N&chsbLg>Bm<(QVA!_6kiUc=_<^M!IJc9QQC1Xu`1P$R zWmZ4EmUUS+=KY0Q&wFmhx%79OIX;_Xt{|F(^XL_bJ zV^0OUZdHa9O#kRue8KhJsLKtE#ZOwIpR2Qd9_jFaxw!5Bvx(Bv<$z)_`;+>aK<2c8 zPWMWM3F`>`q%>isjul+*e5I2%fI<^x?h(Ak{o3^YQsY;FiSV6Mbjr_+pTku?4BNb4FUEUTmeBX_JHKA2i>i5Y6_`LSiY3r={p)b&i=5w-7HSYU_SC1wNrFBiT zHOuV7b*|=VtgW)3K0^rA%}i6*>ciP4D5HyWelN+KZN>=cg7jd`t(waa{nYYWq_GCC zPUx4feRk5}+tD$3{2LMvi#l`C7Lv<}4(T4{Du&v0S@yK4D@wc;uq^U(4TjmlLcS^w z%0%>rs7tF?q$`LbV9oB_c{aTF=C z1QpEiCoSq*P)mIV@-NoaJtn{!C>C{nk_w|HAs3WoU@j^mXU&)VoM>_UkF=|FLIz4Y zL1Rnd{;)(Ili>Z<&S3A-LtQCFV8!0QnoZ#42anZi5YoJ3`^@NIM_R2caG1b3k9F^c z)F?YN>?6J!gKjQgX#FD5eHM_W!ayvOK92L<__NfUe|GFfTi{nE_0bBk$(REwoYgAhjv_&_Y$2lp7dDp z5Jk$@KW1R__-MV)(?@r&f2#r3vgB(?xUC7>FK8ReMP>~10NpcP$b||7mck(C(GI;kl2QDbzu_-Y==* zM%KBG9?AV+)If91*Jl@1bE{g7+_Yn)#n4EL`MVu}ld{F*En9{+ztR=@nsPocqns)K zp$x@hqbOK35ywkHYfaKm+ND+VH$b247n$M&?;WsUW^`ORH$UG$C`hDr+HexPu)spx)b3NO(KcaXM@ANwfu0@^US3{kXy}=RIT78@-n*PJAlBpIK7i&S zG^-vvXeOdX)7I8*XlN)~R5AL@nps{J)og!ZcfyC~^a~#cJ031ePR!6uGI!RJL z>B-k=xVI<^ZxWSs$dII8Y$$)FZ_E~-m=)AowhVWVgxgZ?(y=U$J%OXFzbSH3mULUM za&S$%vQ!kZE0yQhaowqSfml&*G^tWQEletcP&ONDGFNS_tmZmK5+=!|f`m}MgyIZ5 zOWmJs<1LKV5xh84F4H55F0=6{2+Br=fSXBOuiFr$X()I42Jb{Ecwy5y*>JRWf7c{fwx10F z2B%jA)`R5&f#ok5MHtJcbp(DG=Z)*TnECYK<~_7@9XCB~%_4*=fqV%-dtMXa*|g$; zYgADq(IZmRG2a9b?p>r34k2_4Id9-mtNpjCC1hBlD{NV%IZnH>;$(p# zJtkn@F!gbm=7j~y@s7cfH}sL6k%euVsC?ZfO`Gfgu=bWwaV=lFFA-dWJ0ZBcTkzn) z-QC?ixVyVsaCdk2;O^SEbDL!E{on67?~!}Qr#13`Y|$$ zb8UXopxWO3O?^s|1#6~`L~7>^fn^I}Ppn6%47KDao2c?^i#QD)dXF3q1x z%3gU6?0vWr-#9K=IKmvQsZBrQwHbr=d_qI&_KOh?|M)#MT2|MRf5JpqKFdh9|ctE-09qrdKHbI^XK;3N;*fW55w!8Z?HD? zo@$RCwyG8H1wIPEV~-B?^nq@;=YP@-Xi<`J825~jv3yV^lG2u9ZHSjBu=p^MeJ1W- zOQV*K+T>l!vPkdVK;15N)4y2&Z(V9fg2Y;3LPe&&%aCn`_<=+LMwbq6gQpgnG>-K8 zT4aSgt+Lbo{037rMrM-NZPggn4X2Of0zA`cj4UOmo`K*U(A6reWMoH1Nc zOva6+9h+g@hmHtijQ0#SwGDOxaUP>Pgj*5C*WxZN#oUlyd^~~dorDrw!374j2@5ch zk!`kTFqZPw>Tpq_BO2+>a5hKQ23Zk#p~uiLCn-&cPn;4kBv57Xj;fiqrJW=VR=3fb z4yC)T8=W?v;K7=uv*E*-kMO2Z_4EuS_BolPKlQp? z*M_NR5OcFOD}Lu5aAPPg>|VACLfiAkr{+K_&vn~lt${C>K4^Q{ZQ$cpf(yOV{#Qzy zGL*PC9`#4VrV7@;`px(_N7k2pf>SV$bY}ZsQ>oT%u27H{tVyex2EkMuaKnA%7uZ#& zoEtt6%@Y^5;wdOF|7!UTXzF^V3w_5$_2!;n32r@}qVJxKWSg&furkiNIz@@HpXV{e zJe7f*pwm7QfVIo%%0mNa9#dY&E({F6VY7XeDW3pZf-wpvqFj_3>wO~yNb`re=7YiWY@)uG5;D%F*Y)FGo(n`=j;H=>N5 zBunp=%c4t~3ysU#>Jf7l)-&sgBaIfInj!@}sP2r-3h3WeY8IB6tMlA#6o~loA z)KVYMt3r@`@-2yiKXaeWM7>ysYDd}%KX^K?Px4s$Ihna!jEPD$&Cs~b=ISb%UD;2} zy+`8rnaV0gxCyZDniVN9@@Cj-ckyx1@1ke0pB&(n8X0vvJp53|+Byf{bWJ9^Can;f zK6Dl(pEAx49LnIRyPYm)x$Vw&gDjD;@7rkfSyfwKKq>tJI{q}4dC2a9jJ|w`2D9@@ooX-E@;a8nmACDq+oJuJa z%~jt3G!Gmy+VZRVS)5UFfpO`{^&fvr1gM$>imL zust2t<`W?Ov=vlfsEw7!+-|f$GP`fz`&>s+o5Azc_|ytn%GHm0Q|h$#t_C-Rggkbd zIA`40qQE3`+8z7WftQ0bgn1xal?M!-YIRM}zA=odxZvuMZi@>fz~)G92v>YAV0y6V zA_Q0%Z$?NNV>#=c|KTk-&g#$*^oM(5D{7k4q@W`j*Mn!5BpbTs^A(fM37Qo;jwhUw zSGE4xQSGaTT@c$e==ND9H8`!(YhpL9a=^Wf7s8XGhE@lQYtoVhe6^Z~w&pKz5WA$B zcqyfCEE!!C`*_#Ij`%M)5t;*vRyx?t<>Zl+3KxP zy{$FG%iD2ZT`U1Xy$*Hhl;JW~Q>IknchN;R?C`~9I${3jfWA}gYxLe7C(@RTY{>Ks zaow{NMGVIWSxR>yls;xh?M+JeG2gqb*6YtCXsih(V?+9g)kpr;zt&Pp10*+duVJ-Y z+w@=64DDDuvMo&Zyb|q0DeS}VQrh-99`RvBe@nDy@zJCD*6O4g1Kr}6_zGQycI6g4 z@J_RCano8(I0JMMw%QlnHYtSEmw7u&QX~0XfdE z_j82JB|eaw3qj3Pw>mr*YW0!1gno6^n(8U!t7+i&qCqEKr+2DNbEGb+@hVwpL|Ohy`9TYb(&@MK$R+SjL509}0k%u%^IvQGG`f>EeXRGLE~wy-=dY!4ckt zoG~8%T1^uy9~qzfp5Y$GZFLYt!+f?5Ei8UcPG4vz-Q%Ih&M9pdXXvHp^-ig_($ncX z5#!+nrdadLH~F|+ANzzCB_7&7s7Gdam_jwNId$~&b$?)}f^+z%(0ONz?#Rm`&Ys{` zb;mY%k1(=QV)~<<*8QTx^TjUbnjm;G^|EWNzSiA-Lrt3gTVvYf1RZlV;c>9Y}^-BH-f-NyoOHVQmFOZ*D`#jqDWLThp< zp4Ln$I?Umgc=nYW$ldS)Qm(eJwjSdoNUSEEvejQR)q7yV2~DkcY;gQXFghjxAJE@b zc#?gPa@Yv@ByrC*0MUP78O6FK)*>Fy&_CN^z?@adbYn1lzp1agilN#tP~i@(o$N#LU zk4iUm6D18*3o3FtpV;P;Q2L-FEBah z%l6}eKy#Uv+T&2~n#dsE+RV2yE|g8>OepR9P*OEdw>zo}KLC_W)uE1woGnJ#H!(rr zwgsiZG$o}qLoZxe<>e7|4%g+-9N0D=(a;i1=4F=#|3qbh)CTx|Y3 z-8Aq_EfLl1oSY0ROJ4+d9Ye$03G^`MJ)#UhCop;9cEJdB^!jdjDU3 z7(eCj1AE+2D2-JwJd?hv1{!KwONwzrJxQkw_r>gBXdhLP2@Vc6zM=d>A$lz zpwSv$*qpCUWO!`<*jGH%-w(Rc`n=pa4?G({rC+-?($~in@NlZy()Jkdb?!Pm&BwC7 zg9j%7c-+oAE|(F06F<`0coenjqOmA;ct7r1WQDomgZm8ag!}FU6xB3}1R$++K)VCV z*9GDp$a`e73ELAY00Q(NhV|4sgPVes$}PbkAa_D~Kuh(7i;&kwZ`<dOyXNjDFI{3(6ve$qKF zoNmX{GtJxSUA}8w(<_Hcl`g@<0inqd&>>WLJe$NAt>3F2muXj53!k{jx1&CWhH9-sGipjGHY_zq8c`P5*GnfL#W z>3he075vOM70*@#cuayrR3sin9KZgy^Ei9?94pvcuxvlVHZA;n{hzc47T-LuAUuZZMxla8+GEsWD3aXAyNDm$R( z_eRgSkwdFHY@oo6oI*?&d^*{Yh)zPhoaCXUwua0&8TpDwWPrPNZrkp86ox1ziH;wY zc5tNwLNUL@U=~ZXk@e70lSy}NzBqN$n&S(Aau4p7$3KQY@;!1&%LW|_eH}_&BY8|H zW@3;S*|G%lLbL3n1A4{=Z?%rEo2`Gu53%BJlCmdg^NSkVJN0Ggq;eMFd0M6 zz^l0OjPc`DL7)1dXvkBy3t}1mL%-Z+N{nlKXx`DdTW(d;6Gi?|-NmyKd04ZZ06TFS zGTt55)}Xse_mnW6&C$)U=3T%7evJvRYVExmnA;=xrFtlND-Iv0g9Q5|%4cOPahSq@ zAF&)@+k_cgCeIdj7Aov&D2P2t;TEA3B7h)D^Znsikn2Lqszakp=a(-mC(Sa6o7zs6 z{uZtH@~v$Xco^-gzRqi58-7Ct4TXMhj^*1hV(s|{Kn+ZW;Vkuc{Jbe)mxVh5Zm`vw z6QDufFfSv6fsrKD#eEL(eDHHLfo|iwuV}<&k3o*dF%7ea=5?=E%ySzFLH$wMmj!et z10jh4XPZWorTOZ_D-@nO^Ok1j>}hL0EVQMjNiR%5D*Ooqm$uYh(;lW?4D483RS6pjNwh)%fzM%Tt;WC0lP!c?L{o8kLL~v2+zD zl?e?**Xz6${$i#hMr_5S_t`9Co5Nloqi<>Y+gDXXYbRwwesiue5_jp;x_Xch|D99+ zxOf%Zo{bwl01c7ufbj>s$BP#{_p^W2uge$zYp0ts*6|tTMsb~+o=;a*gW5+~a-2L# z{#@Nk4iB=+!9L`yj;Uao&`9%UTU)#$0(~n#9~>Y6iA6e&RqHD&tkjrNu9>qHkal#E z`fI|L=dwkv-6$VH)%zRIy6Kl=CA%MWBp5xac??zg5Fb6?fOg9$&m$>rlU0K|DfCee z?93PDPwD4C@JjQr51q%0HlK(xTO7h3R~K^fL;w>%!sFrCRSwsf?MOX}@=8II{VJ6` zskW&yQfjc)e}uWzsN6rfq3jWgan7*KI(pLwGMDE& z0^MVK5a8OMn@nMNc(CS!=)~9})aHN>4HxIg^<7zxj!o^H(Hagx%iOM!>(z=2&3f1+ ze4nop?#&t%uuDEu9YoQq&CuHfBmbV2Zw;A#!0+Pd-prq}(!4)xx^zD`6*p#zQl>c* zl#&maM;*(Na2p_yFE`bZe6BW4tnUbIp2;!?r5kN-6)lh#bJCpv3zd&;0-bC4H{Jc} z^BJngyu;I2y8D##`0Vd+mh=ReJ2FdrC8j9{)4#-cnp*Qh!Wx?U6}Wq|`*iNi6S|7w zYFRn@wXdbl8#L#k3XEv9;8oPqN7u|Pmx~}BM-m3FEoyutjX?m{C- zzHp8F6h6K7#kw!SDT&fB+_Z79q4+bfNY7Xg4RuH=bB?k8YH0I`t}@#_PL;4ySz=9(?}-yBuY9j)aE31MRPai`e1sZc zd1Kg_=t5Na=@CwQW4HHNmNT*!iDtd3i0e}|-?z!89+Wig5p32_>kpdXTCY_esdj2T z5Mr7)SoYcvi60Hz@2UERd3t7#Jy1gSyoGpqc{^iH15RVv&eVQ$YMq{;VN5~^pRh1EENqxf#$&Pb!fY`Q3kzDFjEImB*ulZU$eLZf-b!{< z6R`Zd4lq$PJslSm6x7JX7+A?&vy|BnAujKK=2VErHrc>}u;^H1S|<5N7gmq< z%aki%EeqL-u=Mm>PSr!J44` z`3CFe=BCDUK725S#P;Fp07}=^R$fmpHzp-TZ1DscWXhr-G9yDuNQix5LA0tmPETJS zwJ&#-8pU=m{6}hP^KIC>Z(^+yl4I&sRrG^HLxd!I)Q+d5xacuyrQ2gTp!fIpc{(<> zwu1xT+C9ZV-4jk?PD+YSh8yfk6f8B(Jzw=6^&ZI=x&KgdIv73ps_sS2xOYNybQiEj z37h)^BNmIrc7moymiba0u-fmulPVu44Px>W+R9iM-3s%uh@&6`Al3zSuj4JkE@O^H zX)I=EXIJ|`<6DT!!Od za^b~*;x6}pIR*|m{TAYbE;J(R{mr1jvg*l1Z@4avbOB8|Fhuk^wi3_}^|v;V|6D%- zg)aa*AVr1UK=JKOH3*!@a1Ofb%NhJI$M1=emzESeg~IQdmU`0wftZmQ$zlF=V9sPi zBr7O?pQSeRZN7Lr%c#(_0G`}EGU+z?Kl+17_)XblgKZZWGo2SkRdvf11=S zn|uX9lqj+y4C6V!nkvgpV4^FWl@g}d%#ZJ>S&oHuxB7=U9f+uo16Aka8Pw+HkMmWJ z(^by^J@#_4OCpy=A2e|2fR{C*?z^eFG{uk9U&;N7;-|tMZ=R%FgQ*2e2;{hM-OVc1-R0T z?R$?}+pV5<;-IDLl{+H|l_#r6 zE&Eyy-jLfi!ViYEDt0!=ezIt*XIb91;@35tWqFHln;?!{BCiEu8`7G5h_la~F#%w# zs+*Q7K6h7EdA|y}+)B$qIFUQdsQl}Lxsuc{PI<-EXT7{+2JKpSRQ*S^YVX_p(mj(g z^V1s*-?e3-k7G%LjwCil6Js%FZAP7^|5gd4>6&0Uz?us$mjq&zAI_gRA*ep=13aPE z+cPRPrx8-QKcDm0dpc@{7^+b$^W0-k`vLdd{Pv zG&XZ=P7JjbS%UVFv0R#WKiThdHhyS1cO{8HN!PUcE{lcfeDORk@oU*06~A;bJ533l zfyt6x)z*texD!aIb=2*`zD^Cqc86e*q0GeSn6Vlqe+>A(xLlwE&wQmX>g6Jbs%+0V z!RZ;5a-&Wr4xnve;jdqfEY{H6j|kPY>}omdJLi*^RhuEV0R<}N8Ly|AW}_isEkLV<>(wD)vyz5ZRxhXJfv%1?QqZqh_$H-mgPqFfRr)-XUB@FjfYpNr{9Y znD8&5Cp@iT_ILU<|3dr5`QWVz&=wX02pVP>!`sRIi)Yi*t{!D1^vNav)KYLZXD5oa zw1ZKW&d0mUz50pO+Tb;qRbAP0&5s^Nqo?*MmFVnggRckTPs#19=$_tK#BiaBFAUSi z<)7k=`1*n{E5nTo=D48pATX=x5 z?Sm01Tv@z;+>A#KzT4B@9?U3YfksB{M>qPw?Exjp-({lFGOO5eXTWr*c-M}!NfF|02LNp{w&;EzZH(`-n2rpcCF+*H1 zbQj{M>-NorBa*w6{8ZyE+3}ur2EqP{1ghg>G6nA;HNYY!$d4Mb%55!d%_D-$5amco_h(+FSGNv zHik_*_#XELpghkNK1YkK`#b6V{s$j0s_vww-m%Ap(G_N92{G2Q?3Ir{0!D+f1zm^} z=Xtu5oi7*cGDL2}u-=edX7>d_0LtqUC|YXMlxf<#hLKtaae%_3`LuW6qkR2hhY2jq zGp%P-^KvVA=LtQ^&t^-_z{Q+EZPq{B{^oLH+#TCu3Z7-_ z5i}R6VINk(x2yAYRBLc^VFWO47U^3MqVnLo%N(p6#;L6=}=dcQ(&*^|CBYe3#isdKkW9@TI7Cm{_N_X#BK*_BUI6VLqQkVj?1YT%Qanp&~ClsO4}C6GNa zzemRV_*>&J9-08*_e}{Ddi`hBQ5deSr!NAN=zo8G5 z!2ixi6Oj1Bqxrz8il~14y;1VP@Lz84+tm{MX@TG6+ChBF8?F8^^AVUtej{-544&4z z|JeT727_<5dv@~MLoA*0FXvs=np=$e&3PC8P2DEs--da+8zcu!%`cn&_5Qx!L#>>w zpyK+@zkna}%b#Z0Km#x2ckcxD|J8v1WY+a;5&qp>j+2a&RL)euKLb^SfyqnU8g87f zsCYE1T?<3;Ar}VX1=4o{@=f@$qMx;~7#<{mzR`VPrXP;A68hD;N^BelxbS^wmv#+{ zG`x{ipss(FJ@LaxdG|Axew-l92yi&U6vj{UTr zhN$L`H{Dr9tKA`-(SMotAeUuM)YuWSF~WuVX(VIA;c}(lnHG_<`3CnOSPuI=Is55z zW1JgjKRrH4C)QEB*e5b&n15kCW@j^@I{@?#)Brl%bHTaHLr{ym?sR7{-_sED==9S! zxU3@tz?EvL2EPApZS+|F@pNURvmsRYr)=P&;HQ?*2tHL>eE_0C^TKk#1VWPg!2Z~`J ztjBS)*@Vs#fyexRWv-)qYll5DZrnnN$MyXwXG{F^rZZdo7P(Ul{n{Bp1#F_*9cHhk z%UhZC9OX#GLT4yh;Lv0~t3RN9)B1?vAG;d>UXG?{SZb57s>i zF>_V)zh`jNBB!4a?Fza^p*S#>Blh=D(;VUtXjL_;9l3hUTrkhGZ)9Zi~0EdPyrw?`4+(=~i=MWZf;n>fM1;k^Jw3l-UFa_@dwWD5cPWtE?e39}vH- zwqpbHQRwD`#Hd6&MapaSB<^aWeH{HL)mMz_SpwCUZmQ}vdDM>3O0BSmo^FL1a?Sa> z9PzTYPaXRctfc*I$yifk97h{*aYvI1Wm(x+r)smYYcod93V8Cy;!%1WGdf&l!L*y~ zp;1=yD0-%M$b%{qAlfHGJIC05CRh4fsnF^1DT+_sTufq7utg;V6f5)p3>Mwq-YJSx zL_oH~*=vIzwvuIsJqux)yc>NAe${5M?+?w1dpLUy-g3Ivqd%1eX6XHy9u*wm zIBS@I13Cc@+vA|UCHVgu#4#2T2tiJ1>HbtcbtK7s-_dE6y{Sgj0MSn z7Hs}2dv7zMr0=}q8}K+Piz=B#K@V2G5ir5V{HQ$m6{FM>}Mrm7qbqXKZ>#h@XmjAJMUfWa^8;ZWh&)j+kA?d&PiHbx=9 zYtQ7Pak*S|=zi0*LyCsJ1o2|MISt@`{)zj&DKbtMugURj9IN%D!I~r0=W*Q1d|Ze4 z8SyZm0{ctp1wa@T}VU3m!K7y1mU`Cwg?T%tk4s7O^KKZI$X3Y zd~%~bL$7Xk=y(3~eLn3>v1DanaX9S&i}+%gWskOKI+Z1XCOhGAd?bZC(jC?QTR%E` zBg1p1%g7@N2#oJk{Jq75 zQxn3t4R`FsR$q2Zzla}BxXlP(RWNH_N#j!fKWGIm99rLe}~*o=ly@A$zGp z^6KNc#<#s{iMwJ${W>S*$zS%LZ&!9VH7wYW(iqC?6KX~6_Kyd;JT-F6DVVIeK`@8p zE4nU2v-*i?($DP8WrR(0X|! zHE>^Ak5iUdb#6$*B%c>iS#%gMer@<{LUxxc(r`E`8}~F9-Uq_3J%-w`6qf4WyAk=2 zD|%F;I16jz$%8Bo!e5uVJ`9haOkS0yjmGf>DoU%VVK)g-nbczX@kJf%wK>?lkUIhk zYXpUb5wWu;7Z#G{TSQ24v6M$(#K*@gDJgv~mLr1!`yd(zi5W($c}ofSf@g(hy1I^d zBn-R7cl+Vz18^}v0$T_yJh-W8x?m#ents_w)^a_g54tWB7lfQ(VYMjqwvvH-s92J$ zb4omC!ufLvI~Ma+8g!KXWEUbQ1dtJQ{fouxUpOzUKN=Vq6v`E+V(|o2W{@yq!V(kT zmqT9yxV&RxWZNFe4swAeA^rtEaAO2AIhnUbB1GNO(@*CBOlqC6loM3?tY*S9Uu(uW zj8};AzKxK$M$%0=*}lbMEpQ^=0jw}4w)ojX9Q5WdX!?sL6ofs37T^Ayu=!*9ln}p; zkvM+nHwb(I@8X#-=f@_L8`3vK2L#7R07?7{UNm#X0J}HIKUqEaP(S3}tZi;W`Sm1y z_OhDENc6j01R+9S1W+-$dwPG+YX}Gk(&H=$e4Fnj3Z>Xfq{NyYkOZF^@y{x|(EEDo zNf-WHQRg`;uHeE?B&XjO^&88xKmTdlhO_Cq$XhFas|5kx$d5n+Wt)Er^Iykq_D22r zuLFt`xyYaBEbtAapR0oWfCqP9=1*WE+U*l;Nvr6WO#q$x&8~_}+|MC~(9$xwJvF2% z+gu6|QAi@|tvVJfO}%4j9F4YnaCn|ibc$ta_@tzP0|Vc7M^hAkbt7f}8f5lXY(p+Y z-tX2S`e(a{FPeH#ClvWE*N5V%tWgm>FNtfOuW7BWxAfMV0zZHLY_LC4(1w=^)aj2L z#dP|7^q)4OM|ZdiI=i?`l_=5-CD4p_`hWv&Ziop9b1MRf1S)eP0{Nwxk3OdV^!Ym> z>aAzaP>^tO#|ou$tZZ#_fS>AiyW$v2ChIR0hPko7pIGFslO4amPl||y*9owzp0DYk4hh9ruRu*Yx-Y~8vi$IcuPant#Nkba5T+Pbo* zxA$UOgwUmxTRo+xr)S1me}TCB*Vd-a&i(fN#kJc*AZvD` zN3nc~&}^~%I|wMKuA!k|U=KEQoD%eubeyxMyY48+km|F%+GjS9JIbabKXfE#NnSx&}vA3^t_sm}Y|Gu-5=E`^UNmMt%3 zWhEx#C!Q_lJM>bPrs-0d2ULw}Ecz&-C$8#~YM(_Voyp95UFI<2j%-^7V=;#>Y;}6H z)Ae9e9+h|uDnyzk%m!|J=m%ZYsMrlqUJ{pCp>{*(Vc6Tf{+Hzpxknr#<+|mUkMISg zC+v~2JVgQ6n&UU^F)tMWg=T9z%SgK?fC&5?Pho&5JVRaRB7g50@rKz|2OsOrmdjZC z%e$QB#jL&z^-C#TE8`!CVb2Gi zg&$PwVeofO2!`*_vMYKt_U3oEmBcYchhYkSw9MIVTxYdpU~aZoKGc9}!h8#}3b#C8 zUncN6WNp6w_R@$sC=$WM`I9C5G>@6V#ga%tf|0w608d!Uz`$QLZ)iRT`H-G z9U3e4g&Ro~fd|p-bF(aP=AzYuJ<#RI%Yu!UN$yZ0L1EzNY7Du)K5VcBO?KUK;L zuhn{lS~!I|k4Bd>k#~~%Ms-ndSk5L9tx)LdNaIf*gb3dtC@*o{$H5;N;1I00LE=o+ z1VM3+PA5-eEJBFJNpTlm>-I++vC0|Jm&uKFcVt6y*2PFDj%9mH$4tWVH?~}o)^Q0N zEIj;D6P{~n3>x);wg{MUWS7v37U_O}Bo){NAmIsp4GZDTcZ)n&7Hqi@k});D5X)d1 z;r0jvKO8e&6!_$}OU6_H*PkxK2@N>;xp0nE+l~z`uW`i?xG97PG=HLm7f!yW@X2># zulN+uSPKBh-S?@>{VJ~pZq7#JE9TJ=>PsD79#{~yL3w;@3wG?4k+rv@(kblcI}u1l zcSj^{Er-O(!TCm&-aQm%xB%m1W;{gBI(RG{6YcvuxU4$e#FHzE)0Ylk|8@3wklWm$ z*2Bl9igVT;0XeO^#W1-MTF&x?vSUe*himZpMK78Xa0l(V9f78D_Kx*LL6~$`asHO#Rg-tjd~Ed1FLM{vV(19n13N4@v{<`~JCn*>UCiv~hx5=-R%=(3KL;-A!?KGAkscUIj5>pSEmMttHnr)AXCNK5hVbgo}945?x zW6spbPt#?0%naE5A&&C<%cUYO@orNNTga7)E!&7vn6i%(zMqab@21F*+r4=1&8H>F z9c=YyG94i`91(^YPgpEPY)c8x1bB-V!n7rZ0C(re+)tEq?phAcEJTNG7q$l+WbflrS|U8UXjqND zLX@G^+FfiG1CcWc;qPxJUKTW+5Ez>$>RPHb?veIbu}@R_d~>Sa1ya#d9Ey1rLSPhFI+8Yhb_?A47uI4; zd9p5^JXU>{^JTc(uO?J@+`v#}NSy{+44t`S8y_;q< zbvdvTIU_ARoHFIrTqR4BedTK*gL6f>Hvr0(K8Occ+#PA79BUGOfg6IXElacNz)G^tKj<%5WIny2Bf^}Mep{sxY9CKzq6OKWqhdwLsYH2 zr5cw|h07q(P}1U*4|hwohywFVXH*s!9MxthH;w`>g$x)G zcDZ6~l%Z6^mF*(AK=5hDD$Mm1IZLYm`5bOu2Fk6Es;X-K*Il-|ItsB20dp~I6Lcx2 zo_F3JGJYgb1OJ1Xx+nVoLrqbo+}^nz^SYsNf?@B|HG$zpSVklWg*^DMiJL%dBw$(@ z&K88yzv8W3mw@gn_ix9zSMNI$#($sI7&&<&?riVuoy}OUVoxQx(N#Ku;9yu@&DujZ z3C9)=;Gry9aAn6Ke;Lj%C)uPWc1A5OOgMxv|&5oZNT~KwcjdeQ~!_NiK6>2 zD#&Ay7!`;N;Qj+n6IkD4N7=j+oVYfL!hntzR64LVUs1bUrs{a!Suk(Ni*i7ld!XJg@xE76uuBryfBZWm+Nmu>(!g(#o&q0d1fD%PFOKsIT zIMF1m61dU-ip2-?TC&d}4)0PIJ(Go|!%@<t5*PD!IcJl9=XyVHry>YCuI>&F0HQy^-<3jwKW8Du{3TUX-Bpbu;>eo_X4(>5xnOgDe*;CE18XZ@FSBwfJGaUrY<}30z{A{K-|ggPI@7)VqL0YYxOKnb-sf4B zi~wzG=1QXtvqtN(;yxlFZcJwkE4#EvxWYaX;%t1%kT;4K`Z()ds>;63v*_1N)!se0 zN5T0XDKOA+vjj(X{n2COMn+o%x=&J6YxAR$T@%YK&ui?gq6F<^^3;SmhFB@55o2cp z=Cyc(CtH-{+Obw~jC__yo**Fi`Vo(3GMrlEfa8m9#&;F0q28}zDlMvP{JNSg&&Srd z@iHa50~O^I75X#jcBARsO#E3bBVhp!j72b+JIgLoMsr}e1t(|76ai-W%Z!fPRSab> zr8XvC#DeyNY;L%3{!na0Uskyy8S1hdgS-NYL0r`tk(Cmm{`W&H1!%HX+;TB z)#deB@~m2|iM*cx&R-V4xOPXlf`@>eS@VPDN|VlrAEuTP*Op`^eiDmiip&lpL+WC^ zEsh9hr4Dd9$UDMS#y4sT^Kb(WhJKIDhYSZh7e~SW%VW9RUVlRIz|+FWy_I#Xf{I_3 z-|Zu`=F-T1tFdY?f^P9w=X-YeljLaRO%JnQkfSR60*fz_Wm>=HY{WI#y_yg)%NgH> zgg{Q(y7%yUz)?7_SczqY< z)s0bo=uGc+GS}EkLa5B}3(CoXc8k;{DIqcRbD{)uB%1qO4j)0>=n3+D7Q*A zR(Epj7GQ(S?QSK>ZWPZIXV;^|VP-r_73&d~RgnRq!kp9g)*oTFHI*w5oIW?7T%zRP z@Ed^U&}qD{vgrcfzq1w!z=ZPJalO3L71Pb8;bkh=7|B>ji2d)xb+uPj+Kr zC7c!JymH*{o7UK+iTe#%k>zD^(>ar8LfX5~^sF*_>w2l=38h7ETG@10kDNW#oWJfn z>e5OMGK9!Ev?k3LlIO)Vi_Vx%ul1L4%cppToxL)qIvn<04cNn^q4tqF8XkKt2!3SR zuXdw|t8*WpZyiVAzQ4v!7Y!3FjhE{EGH&5=wsjSjlKS#F9zq9TUAyIayIKRHVzgLk zuZk{(fA7j3*u6SoAUccvSi0B%EB~%pm^;*Ue;iP~*NA189tDU(xMi7kbmvRku8aDV zWmKef^aa9S!rx-j(26#sq@1;@zU)A`a~pPfpSvazFDceWto}s3WyJrr zKsW$S-DIFn`yW{oh$;r>N3~zUvb(w zVnp4AO82e`3Bf#!e?{`j<~b!ok!DwiP1fwOJX6-DdXc)DVYz?+hn=I^${+q@Z>(eJ z5CMhXQ)d!b8r0(>ETqo`3p9Wj(to5^tBDzyqbJBT37m;pDr7k zY|mmxE+3re`d7ihZ&wLjMzl6h&~YDL!~%>z$RJJK;dK_sxW>nhmerHOjbaIT zUBVq|+HDCW1~1i%AFx*Bm>OS+^}kWT4t=?=+FcXxMpcWihIJ?Gqe-hJ=g`@Qc|@q@kDYt77m z)~{v;>&9*%aW}=KsR`dGcxGfGBy+$e=O_#DL{U&_uwv*ES`Nx5)hbyz~wt59#P zT-$kAb1>L$d(@Rlk{P)GHWl`|-N1~G(?Vfl-jYIy@6>R5eG6a)D$yvp-7RP$(_t4W zv==(LM!hRq|GhOq4*|mZy<@TAa#>u7V_igEhw@tQanYKx(f#c(8~tU0@S8jaY$X47 zLSb?H%UyYV0*%dk&MTiwc<;cGc1qRdh75l)K#+cBTk_eubsBR|xDY&w@PG0Tvc%~h z><7E~pk)~bg@g#j=Zlo6WXn-9ffr|F!Ut5Jfn#?%ySv{K5J)R2p)1z*31s#qh0|Gb@TtacA2u;bcrj zoV2npCEFxQsFt3)Z+4BKpysB(g+B0Fm!HX0)&Ci8!u^Gto7CQ_ZTP7#@b_;hXEX8- z6plxdearv#=ZpXF_xm99O4t_&9>x2?G}6WIMM!am0c?fg>y*DJTzlQb7i~nbNM$(L zoQhm0ZWbd8n~A(xq>uc?w}_OiPvk|6`Vaid_wxTh&Hf>j>Yp*K%$*0LeB#dD*>C@T z+G}}*KM2^4Y6io3OVV56z4D)&*2~453s3)jt0fd_lw;OZK$oCH5f%$IunjdM65>A3 z4XC(}MEES~?Zn$gV1)tbFLhARe(PL`0^Gsh=n*LDk8u&TW(yTunOooRM+*E4(a$9S zSupSe{o0Jtu2l;4q28~kKh6E;o%GQ!%_E}SPLCM)Y$UITN)r1YZ3mKi0p(erCjwyf z10&kdFf?X`#B(A7N5JHmY`FH%-Jpy&FX(J@r1b9LHAHJt?R<64myp`A$KO$e7kd3^ zjG!;QBL6&57l;(FRuhdU@Q3 zWs<#zQVb`Q5~HIvycny=fHxj1UF02P0@?@lr}uKpvdCvEY98}G^sv7~KlQLX+Z?~) zcSu=sJtczpz_C~1A8^$@)-(xdaV4FFLEU0?fBhx-Uwg;5nZ;^|9=*TY2_*`DA#hh| zYGqfCWgx}^&7buNVe5QYu~W%BRBNm8&=IdSUmEgMMvPp_GvXQZ`qY;)_>ZETCh#L* zbgEe}cLFQo@cnp$<2en{^w9jUe2W|DFVlAz?n!y9595upIvUNX?s5k`;Y2gGyRK@4 zaG27o6{(9A7E>KI%MXC~iXMv$1Gp!J}eozf=1`w$|Uw)X?B`hlWqZ647rM@=@U`Z$98z$i&$w;H;4zcHuH2Kix%0&aqr7l6R(s!{O|VdE7x~liq7&UT z{gP&|FON`_E-l)HR}f}>$$si$giNpy8OJ;mX)R^losY(U`dt5$a{b?NGg!QYe%bT- z6RPB$sH5TR48|;znQVixYxg3WRdiaLU}%$E@9~`Qz6ax27_34X}S(AD0JyPr4u#^nJ3BLW0HGzW=K8r_`1#8 zcquz^dSmGXpH}o>*qE1h4x>t5k#m1&zT)QQ19j~F72?~)R+ui25A9Eop+nty-y
  1. JYr?VTf{+w7q7Cw{vcVwJL_%CFP_&-I)&9cupJG*txOj^Ymwl}8kY#B5spzRUs zyeRU)342oWo8b(}StBSSUz>xsO5bpY9}_*`0a=$OwRwAVE&Z-?n2`;iBi?mLmWHqE zIJm=%cynJP? zQKA;934_~te5PYlIwcW@S}ob)Z#a5_-;tOi1fmYpV9#?2;H@rnNEgEj|8^-z9Ds$i zC8qPK-j%xXIJY`%)7Hf5gJz5plb_0KdBeTuCcpQb_{zV3y-GV?j%_D=>!1JX^W?yv z`EDCw<=VWrHdkfRgcatdVo3hkmU1s~( z?u6+Uf`h=WX$NG266!Y-bBTV;?k0RruqwZQBY|6^)kESHhw(L}IX`z)*Otyh?bNmy z+s;zBrzi^iKojZwcY!%aQRZLJ_qhN68~PR(6mXevcc37B-8-f)(AnlbAeYS%35^Ct}x6eJOg=hJ--lx*PD-?^RtNH5H`vt#3<18>wP3Lv*qSZv=<=&U0LJ5 z#CtTG?`5T=NP)GaySpY?Sy>4UJPuhj|Hn80`qs@aHGPtkDsw^EC!43l=c}Q5Gx5Nz z4{Y4{#U(D7dK&KW^>0@}QJKi0djbQ|r`RmhDwUGOXkFg_7diWX8tDPXG5}DjrRU|E z@})AT#5yx+&EtwT3BHfFqx*Hg(lQBsnOoXTzN+)+zR5evWoXKKnTfOhci3G+Ju3is zF8IHp4OFp-*78e!qG8p)hX?eS$Q(q_ckyg12uhl1*dK)89|x2x&W)qpG4TW@ioGl^ zeoaZ7dqtU%9_k-_nKk;NFvmcgwb0TYz6YV*w_fBIg4wSe1wk=RC4!l>>~<(bH%b@@ryciwAVC$}E{f^jb4J;}-2^2|0kqOTI7U4wJV;e8np`?xr34qk z?dI5My)#HnUETIzx}=>Tq4(X=(f}pRY!)ga^% z+=XH_0Z(;W-Ska%A0FkBHcy=8JU%q#&-RxNh1}Oh?nLhZ$5njQ|3DP`=k|oxqGfZ+ z>Q0&;P>6_#a9PcKv$G9yFMvVSq#dA8AO$ueCo8x)HsP36)8E%$V8P~R^HJCSM zzh1w0_jh~FC{{o%Ug<=0ZS3SuUu$zfg0G;Qu+WVhCpW?^X|`Jubm8?7#+RU}qD`0e zx{{5F+mctxM}dU~_G7)|98KiU!psp3S_{HmH;5u)DF}Pt3YYr+jmOe8{niS7QN`CQ zYk9e|_=(wE$^Ow3l{V+nLG_9#RV;#wsezeUToD_UhcSLUqh%$os;xWk64;!wXtHZF z43|`sM@2tP7Vj`({F<-eXrd;lND0npw`9`|^ti*!9o}=uDj6eTbkBAs%lIl)tm>8t z;b8F05Vmt+ne2LIWeh1Pn@Mo7$X3E|c<_ zf2G+2(S`H_-(_38{FG@>d#+)LcOEKG)W7}J(-c(-e|+qHCX3j`@etta8^T{vMit4ArdLmuw$p_sefpDF^@#B=iqNLkc?c zVWjqswFTu%-v%>bM4_m)1o6_A+rTM9 zT;7!GexA%Ko+lo-=$|RfmW!v3q2?B<#{8j@?f`YtZK}kYp57`{BCKZ=X9-1rmLw~H ztPEIWKlvKBM-18?U1$@YNqPhk3U%lzDl}G+Xx!|-Zt1{Gm7&q=%<3$tv3cMk)`CUU z#vyCylDjYc7Czy{b-@T|TikAqSItz++%0*$Gv$N##n*{=7`L|3xkq-JC?-6={RMaI z_ULU6m``XYnqe%y27I}lRa^@)Jp9Q;2Nx8ZSgM?LPg34ZVXx&A^vf;|+OHlHy9$WQ zt_~%!fZ&zIw}#g{xBk{q2JWa>3K3#<<0Ks0&_LQs{un?%7B8)vFuv3nT6tcj)fqzu z2<|U)&{Snok#Opj#J<~# zx#PzxU9=p|@jpU#zO~FL$>}C|3>CC zF>ms4B7WIJBeD{!`rn+XzfAUho9F0D_t(m3VU2scgJ zYwMHYrAG^lb`u!-rH8FUIaG8DPC#}a0%Xi?*xC)z8p3f6o~tuu+i;|?F>)b-wOH(% zW+b|pAVS;z{hcrz#opwEf8dFR181)b|H0q>(FWpUIP%`78?{{FKs3LPEGYrGMirAL z&W-oUkKZ1kA_$Z8jdBDOi#V;Hz9lD{E|`0qU03zY38cEWM(XK!ef9{sT;laG^IzXH zvf`dJD24n7b&hV%yhf+t!|jNp>7E%^E?o$AEi-McM#_;izxz62lakV~I^N860cwAJ zp)Tsxll!T@+8{GN&Wp{%C)xmy^ApGFdPB1L3>!mhGcwP8bA)15F47V@gm#sw;fnV% zbmQoFGxSBcsNIAC(#Mk)SvcUdoLbN4q!G-+oq1MNQO@6OTi}nO^Y+*gZ!B%>T!`Xj z*=>*f;nM3tvNP8x;*9BCP1QKd2JK8BxTe8E!LvfMK8hmPiC_?^C^AkQ@c)1xP)gxJv$rw zl}^LND%`gTR6nH7=BuNFmo#x$ceQ+G2n;9wbN;AgaEUdsFUv}o-H|I9E^l&uakExB zO$mFWEwh7W7w>nRmRC0^D^Yz~6SL;)M!Ntw`jbpQ2AQE@q}vmE_qFi=7r0}^1|?)p zyDK+K9d0kflu+m5q3X1THk(;#`IyOcB=S|!|F%rUX7v2T z^JRuq@5VN&RKkmX#r}km+H>HP(4K7r8u4sgczw$Owa1Y|q>lBPXI?%Gf}3J+ZRe*P zsAVbW?tA7WgZRP{<Un(e5DRBr9*H2s{}8#)7GqmLw@BNKet(lqEZHonI6XW$?(i z1$1K=?P)x<6j4)qpp&VpAqwYFD&Li$Wd#-rC$}jka_3MyL+Wp&=|hqFilPOfXh|ry znpWN1dmEmTQsyn@o{VJa?6>(M+<7$4d8PzP8dI2AwRYl&w%Cp9rD(6`XIH zLVFbWEgR_sLB`7YoQZhu0H>Efi8-+yyq_Y$} zDOyQ)$bsmN=<_K#X=kqFDwU;Cu~wm4-d*=I^@ za7(THl!ciR(TMcwlpQ~j9R@gCH)g8{z&HSuvMD{aZ1HzTwEyO?aa~Ap3HIc`l)SIH z^^z&Zokko<3{jT{ShK9L^#~(AE=M?umzqM=jgwT_LJHT4yTpv7!{oIsOnu8GwWYC?RAz)Dpn%4uxp&-0hVs46Bo7BvvrFpsIFhH> zvz&MHvPTxj)N)v^_0#C|&Z zp_dsU={Q1VmDuLv^`7f}`6Ph8MX)cI{U|NSPPZxPh1lNbs^Tv+!Z;~)L0CoH;Wp|W zF6xQnOR0+$@hH$$b8JYo9+1GdPA#*5XJZSZUn@*rRB`&MxpRzkw1^0CB67sB;7rI< zWYN7)2ww^ASZu|hX?Eq#Ud{+FSSIN?rNn?#7s*^S5aP`p;Vv% ztoezde#erue#a~nxGolQ!lVk7qRLe5ZF`jN+mlgIBe*Z?M+sZqOzYI>e-W(5ArmQU zMkMYW$}z11gS8eJLBhbyER@q zPy%~}ClKgHG(HVV6{YPHa9f}!t>AVwIQk+Wi^d+R^NfAy0rlzS4KxG#hJ?gF*({7CK-baP&t%8=KGv4^2%WdO;30gKK`dt}m?09~J0;{H*oX@p+ZWMof7jfdQ@15Cf$D*1)% zall&Fe^7=3LoAK=!8k9ob3e$xQZq+t2YtF`7it8nJ^x&m$Qkk-NznH#|=H+&b`&E*zKA;j)+3cD+G2s*tR0q7U&X;kj$z7M@Ypj&WZ zcVqprm}&O=GY+mXg?=dIq1@e4ag2X@g0Iz~fr}Ayx_O(kJeUhLvhTpaDn?{LHW&5J zEC693b%>T(2sMEE(Q|QQFwA%MIhBpL-j>~gGURjeB4k>BW=NK_PONbMppFLyTdygF z#^=KJ37Fdq$45%p8(=dApQy@kEzjNt9zk?usxw+fDqpm&2*BNy58ds6dQbk=XzS1` zQDI)m@3fKLR_QL@dB?qUx<&GgDQ^^)kb-oHnZrA;(H1v4sUGM|QSwtWu3pZ6H7CSN zqZIG{pwBM0fFoBw(MISySjDIcqm7zw8SsFTeQ_}Y*x#?+^_BZ%ysU5PMpr^0HU)DT z5l**28_=BMk3GBL0gs(?d(?l9IC zG9!8(0{0I>k5xZzspTBn70KaR0S!1nJA~z#fCs z8Rqc*YVf5Ps4YN=F`<=jK66Yf^-@1r%~|kfBf?YT|M=GVH~weP_1Cl$5{Zu;6M^l7 zKF&F}Rpw9Jn1ks(K6iX}w4@>Akv(eT9p0kXRq9QZTs$giYxCVtEcYhRGZ2Af)4fwD z`UVExXr7Li0Sol%OHzUBAL8&@KI#go@b&)y&7KbAut=9(G(M1zTMc2@x$_)LwzPTd zu^(P}Ile3*TD-Z1o&jvO_sjM8%74i%OE$%z!9`!MrgkcKjgIEt>OC_K$z|E*t=C$0 zMW>l}i^_O*kHk|ycf0+``}tY5YI;wlEMalH7QK|E?cvM4iCLRRNR8@6j!WnXiqNlX zH7&0P*7yGhG}eklGsf_x_3B2uGh4injbe9BJ|?sH)!Ztr?m^RM6erd0b2%r%gX-+@ z)bh{kfWqzXeU&C|DTbscuuHVud(kA^_lu{xvOIuTo9dtWN>gB~sIvIstiHJoXVUAP zo^Q-Jlcpb{m(3HlH>KH7P21MrajfiZ=eB+N$O);GvGhKR@08*_e&&}6ZxwX+$D1W)w~~P+B!+m;B$Pe3m2NHlEA@! ze@-mP`{2D=%e&d}@rrU_g4;ncvk%P}*@@V|w>g^XNypb<(3}H*vD>dtWU!S2mt(Tv=DV9AT{KK+N4nfr}j!o~$wG{{KyW>HkH3 z34vJVUwvQ{?)gW17PrJf;fQ5kbww8%LHK*NeX=lGuS@S8`7J$gBYMAtgZ44HhKIfa zj5gs+3$&avgBTWO{5K(of?w32B3_PKj54H-XfN?w0|Px&AyB1+qDEu-+0gvy?-A(h z2=o5$zwr`T_2?JBbo55Bm46#B5w(0Ixe9I#o3OnJ0M@S>4(B2xm0Jt-pa9f)><8IL zt=;``|2QEw+oO3{VCfHe^>^jy5)lDHf)I|S)vesy{!U?IAF z8m;u;(%=LR2Jid)Z}i`puERsY->Kurh~{#hxf>kkFpuc3YXmOM#?i$Jf{*D|`V$ta zjue_}3!Z>h@Qo(jqY^kJP?TKt(ZAflUg*hsA!zgFr}Q9BZL}}Vz}|`z>GRHH42QPH z=@${zyt1>{O76%o`?D{#Z;rC)Z8lfaH9eX*F$#P=s%ppbrC)4k9DUWlOO#wNUsfos zd3}DqDZ|#6!VuPJ9u{ii5PyH% z@@nd$kAsWc=^t&=LQkf{IJDJc@BWh?U4X1R6?c}5a^8_wld|CD6C<1GrG|BcmAi3qKGaMnkV(aux+)aovc$ly6QJgO10b-VuQUB4#wWd_O{dgngYHn!! zqD0;9@-07 zZ@0$x)qO+)cU(?^%?g~{!*+np3P$Egf&x1c1m)k_6YKk;=_?1QXPcDN6qY2dpyb3T zOzBytKAZcwM+4hXs;JjLYHd<|?e;|2hLLfg%a4Z>3_-67$91(@o zMtmn}&Cr)H&sDU2%Bp~cp1gr^Y$hXOt#VGc{9 z1m&twff9o_KAY0HfH>v@)@&v6yu;wLFbqGx4VOmEp;UU!Rh>H+o2!OkZ9Nwi`%IZd z*sHD4{PHW=U$rVstV z`H0i7{IFmiT@D%Hcr-w=Fmrlm3=QV0rQK{qBV^gRw(Q#IYqLM${$8FWj~~|5Irn;`o?C#D`PVJ><`ll{%+d&e{@Bbs@9i7?LhP?1XGFS_Of(Mq*_Wi2&99+r50 zR6BV8NDk&r89>BPJsoQof+0nrR%FiqfS2cBC{rVI;hG*C!*$PUEv*qd1!|Pw7kXrq z%AQDpt|cmvi5F-Rzb)oV_XnfUd=Bb9X?Z3B1da! zXXjVZjxbEW6d8UWuy$E@ur#28(^_~SKO}P5Bj}veN%)QO7efAe?4L|~1FEKsP5aTH z0Cudy)qJ?ECRAHFh_Qp~LhVOfCmn9zM7mXrR#^PN0mK%K z5}D}+?GrnFlsQC+8&lzMS?I~-t5kpbE#Po-unB&Mwo9V2x+2Tt-sEqd#w^E)8X-JT zRm;x)Zx@zh8qqM#uD$On)n3l1UN{Y-Ss74N0(B)aGi^$bRx8uJX!?1O3FQ@ZFxvc#m#}=Ey0^JB4aIlOpxl)~{aN)j^(;&So=dz2+XKyD1I;H`6P__% zt|e)%0V*nc48k%t(fI}BrF;xZLdT=Lns_sJ5kFT!cl4Vpe z9yMO5QBPyh&fpa?sg>|HE7oj+a~E-INgJOrlTPE`843kI`wTgr7HdIU{9c3ZY9%Uw z!C7my^nsN%*2$B>h=)D943?gro|}hf%e%;8E5Kn&J6miHhIh}K0G0d2N)!m z$%-rXvYhOTt6X8(VG)^}y;lhyCI|!w+FHRl48Jt>hkUgUEuIk(A22jws9wud2s1k! zn$C|9X{^4v3%#P!l$_Z(IBMqN-V$ZP4TJS-|9x*S_RO0(u_s3zdnar+c)ZI8kBaKV zF$|UgXqF%ju~vkbL{o59H(15n3EO3;M>Cw{2DMYWGukA_@Ey~G@?mXhJxl9{=qiuX zMVHWN*IjlC+kiz(SxVlT1j-oX1?UU}yilVVyTgJR31?Lw;@3U~O1{l&Cg&dwJnExl zmLc;8(MgKxcAJ^Iw#am||IoQu< zjJ-wNNM=n!2S&|C*>Gw0Px(UN6D!agk^6p-+agsV%zH9S4^(b9GYipknPb-;G7*uc z4S0~NmDK9o5q3N%(BWC*rt@8JEUWPs6)0KlD#qXp#{{P!ZD-)}1mBo3`|Hd^WJ-&l zbQoDW8-QI^hK@=6Az%B*kq5m>BaVSocoYvHA2p7;o2CR~IIFy?K@=lM;&(f^Ao)ed z9k+8~_ssvR2&)`VVX3~O@pGSOoozeal+&sqjCPaUuNa!oR@jqz8q6?>I&`#dGj;fq zl*ax_7I{vYCN?|H-qaQh(@P(`DPF%c74hpEuE^GRzD%u{UQi-oq9|qY4^zIEc(W5$ z=xe2#23%g~>h;0BG}HY~sZ^Yh^?3;97Rx6h+gdolw?B*6hpI?a>9WuLeB%1P*aeB1 zm?FNKDc6vLFyd%Mv>le7g;xn-foVZe(||5ZsXZON@KY7B!F)HQ(1qv_^WC)2fuzmX zzn9@djLtgKh>YMPw+T$YN<*%nK-$~tkoH^UI*s24Nk(u!lTl|sYqd=|ZSM*zSr+PP zJflu~DacJ<4?CoS%!n1*sRI1nKMi=2WSbU&@8x4&`r=94*10LmlX7~ZQQi-g{?a_j zGb!}G55Cu&RRCigaiE!%5?2JBGffUu%(x)OW|F>P>yX^0=13%*!z@EEtJ^p5{tYKc54O>Mwo!!hCzY$otIJ~$tWelBoOC>*4rWw=FMPnO%B zh`?=i)5fKBi@-gw4Kq6tHFlYT^quJ!#Wa}DpjI7$K#@|rCfW&B%`nf58T(*N`ZGL* zr0$?cx;b92kI+>?ZLW9ElNpg>m5WL-eN8R|04+f7U$7UJ9vy?qeFi{Lwo|3yh;sTd&+`gyCq#^jx|=w_iky2Ii(cg&PSZ@BNY z2iPT5QbiQmW>Z96*{LV4nn0f&@J6=MATs5R^vCRLrmOzO33ZuaI#f|)JdyhI*#c<3 z>%^|W#6m^Ul`g#2`D$K@sRhEq>x9~epne$BiPYfK*P6fiU~nu5C~8PKI8}0^!E5fB zelT=osa9uNnvYbvTRNz{k^)b_kw9dL*D8eSW-uwj=GFi0PzX=12q>=n0fc$Q>8%+HYoIU8e5U96yRJc?vTgOF5&> zel>o?A$2`@-41?#k@it${UHG8x&vVtpziGy+>y=&Nl!PMSu5hl5xDmrBcT8VG5a}{ zyc!pxu!lx3o|INB+D?mxM)i%$9rb7Uyu}7ph=W8mLr%nVGvq}~#pApV&j}>sAG;igyUEKPYvNNn{^sIdnbNJt%()?pire(PVWh*Luamx)gRMV9)|rMR($E>{}< zAGIi#BK$I(IjAy!!gIGk{8E^Q9>H{a7T<`udcrxn(U*>so9*W7^zu#WVhfAXxg7QIhueYfM& z>tKzr3oQd4H|PbwWObn0Hn2-LS_Ckap+gMcme8#+Aw2u!jo{X%^i2Jm zOq@J(;x{tVIF%sT>u;HTE0aZ;@vKGe zGUZB%=hRWDsI&%uY#+)>G^o1`$DDB2_MwJ?(@vUpAkBQR)u^JLJHD6R-~;x9xhQc+ z+xM>21q@$({Z9{ERn2|a*p8PwZpV??=2l+ZKSbo~7g?}AsNWw1S+ot8?@d_uJyE!? zhg;uXMn~KMf7Rnl+`7Yfif-+X7*|ApHA)$m*hi}7=B>5DWrhzua`Xu zgz^|$Y)-fqS~9qJFb`>zr1I2}ur=?tZC$CLlaX}i_CW1i=S@_8N8cJIa>WgDMT{S= zR1tT_3?Lu0X4B-7a%^_ai@E_?O*c{HTuX`r8af=JtTg9nQ+K~2}gS<_LcVD!OMgj3i`g!1)*r)uGRAuGRC2w zq^x-40=op@5N>u^Um}nfhL2#>MK+t$?oONzV9;4X3`CEphv8kr`K`>Hzlpj!=vwuK zIlV}4z}-E%8V|flymv&YLozsv1XNelH4}Ffus{`a)gz1O;u$vBq3C3rk%W&S9LEU{ z?zem{!;sp@y(&0dGXn*)c4E07xbt0(ZL)a`I;T*sG6^=y{ePTRvx_bJKz(lO2orfBsG>i zxfg1QED4*z8Cwi|boWU^U+pAuJ`o#{eA9l2x(&D=-3juKp(v5lqxJ{2x^)Piwd|aU zYLTCBN8inlOhFh3qE>bgU$!lz+ z;}As5$Y0?c;dS0-Rg@D66@G)gtt6%VnVvDM2EDS|;@j=51^L#7R^(p4-rYClH%AiA z|Xj4^D` znB^2(I&4FPT>*H_M)P%339>^*t=}a3vR{j$N#wDS+_}rW#^KWzZ?l7SE<~u^MX_XRZ!OgYcGvOd}IXh8T9ruA&2Cy~(r_P5#8`tDfvoem{Bmukdlzq`3Ey&r}%401Vx z7)6F_@dvw=6me!{n^<>>vHm6QplJYYJ7#x#zgl)-Au!KEDGHx!dzF?|4iDlEAJcH8 z6$$3^n-1DQgz#4 z%i~*XR1`tTm;;8iEj-L~yCETqTbhfJH0P(=YccBPhTx$u+Y|H-@aB$74Pec0T-Dx41)a>RaZy6k1L)T$IM8`XKUSYwR;y{PDE5qZ|eOd_14U^Al526nt?wu0jlaZIM##qJFdFvr<9@OULA+s) zY;}W}D)q>Vp8hX^XnpK`{L{8W*_@K7PjXMcRnxwR4n=5#Zd>i$~Hz)4ub4K2y+6mkDRq1R@AS^3akcOg%(&aV5!H zN&jGvR>SP|9{eq1vbm-5{O%po-Nf;olk>rmHa9GGs3|4nHw7jqr_oBiDsPG7P8~+e zxAjhJ7`~P5$r)@VK&uhSI*!^_4qudqLml}b_a7Y+YTs#B8N@BMnwK(+JVDn(@P^;FzO8Uzv>BzS`UrbhUX@x!uG8zP^=?Cmmt9C#-1q=w_Zq*{}tCSSvk{Op}Mrf;u9vh+q&Ps+FTx98EVNQ2I~1V~Q_ zofG>&2?^Mb;FBYLNTx)5@ybl4dr*b?dqY#D~)*4>d7DGAEynw zRj8HKpGWFM(@v5Gd#YOENX(fGzOJZRoyguBaZVd}={`6Z2Z8w90JJ@YS9iT2E5!EC zEWp#FS=&`eeKVif_3`lyg>0yRN+u_D%XeVtZS%dW3LjZ+6rHMmTf@v=t}Q-rbwN?| zHjwV@W%L~_YM&N_EEx*z?Ii9zRGrlMHh3T_ExWSlO;sGqyh?6rEt5?wLwR7$p3q6> zoV{) zplRm=XA)fs5OM-X0~qC8gJWYy(tqxuU);0jnnrg^JzRe=_VA4MBpTlG3#Pd>S$l8M zI&^h1RE891tEouij10p6aB;H! zng)NhdRf>f^{C4|B0Ddccbw@IK1{ICZ}l8*PnoV-ti(35+u_4gZm_0i?8)FAWKNc5 zwdAKgp;~T#hY;6{j*v;>(xU3nn!L)GZCdWZnQkRX?OY`8c3bXd-rhlyP)+mmeX37^ zRvDEiUhbI3?#<&7JX+skrsAz@k219{tO7FemTK;G=xUBg!6p7=>>xP>YXeH|*Y-T_ znKStIJTc=Ysnp^g66~hJw+8-B+ZC{ML0?#+^7xiK8*%C5XZnO@s|*U7FMyo}%fH_p zypwaA$+*t8rFGphQqi&!yoiJQln>}A(XiaEyJ+{0nYXpaefgX%OwEd~mcFKD?cjNs zMv+wd{8Y^w=dy*Yic4*Xel>L6v^SiA!o!Qv#Bn|J1=P5&7XG=uf4<|LJ?=*hm_a$WiJ!!7__}8Cur3c7ed6_TwiKYU<$W%#xI58Pg+zuM-DI! zANH84nZ9daF zb2AJ!>~;Rm6`>aRWPwz1gvGEaFQ%_i=R!x2TEOuWT5nWyt?=(HlrY9EeIWAOS+Sa8vU+o$`CZ7xsVai$)Z5(Q#T|IxIank@%^ zh$^k}WH3cLyrYmAydP1Y4`+>ZF=r?aceuHhh*|op$9OD@;h_6pcadSoH~F)YSFVOE zeGcZ^Q+VcrNE}8?%%i_n0F(nvr_RhLr(n*l3n@UtPF8M9=^;j}_aX*#ky%Bp=QpuO zi@b&yghJZ|{md?KIMB4!1m=J+WBR2d6JR9-`j9vtrxtn4u<8kb=9zn=6d&aTalVf% zKMDV)gH{6aAxv`ii6;;wu=e~R+c}@Azm-kRF<9GKa7@unH7}{Q;aBbZ*JPiaRL@cP z|NJAeix*CQ!ZaOEvj+&~4fw#qGoi&bA2|qR%4`B@;1WSgNuYPfUVyS(C(K9uvpP0U z!WGZTNP`E*rIjRq-cU(|3Xd-+_c;I?3q`Eq&{a7;`;XD4DY**S3pV=@8zq1_en$c$ zlff!Rk!6{>@*V+D=h~ux+fEd70W`5ipj8~L=$TG3+~L#`YP9*a1wsnNbBcR_iJBlu z_&@>bvLVInv!+j@1gz22|65QX{MRSmMo+A-sdT zt1vdQCS(D$V8LX@#|BTNbrh^u0+i~1?qP)wZDYP__G2CfXcpO`haJoE@t?BMk|OsM zfsVjbB~iCuN5vOSuI0_wZu`o=4$eNR0ypyr^|LhA9VU(E2zGpnnbK@4y_H#nA_HZJ z&pQvHG}P4VDcZymzLYG^@|jSWT-B#RqZuCLR&=r|12tkb+~O6Nl||S%793;d=;{?5 zkfa}Pk-+92S~Kz>qmzyWFiVR(M`EqJ9!o};ofpN5&Emuk-zem3n?);Nj>NCmx$^x} z$Xmq)6k*M*VjW270EqFBOoS2O6-bByjX9On^ttJ|8OIzj^cn5zZru^0_;WGYhyzjK>!5+pD=C9ZZJ3spkrkl?57N{I6DG zG}GfB;Pjo&4mtrc65KEp871B8!QxWNY{e0gYcSMEs0gdfuRc`NO3htghG~f2fFO%A ziRn;l+e>7ok$>=wPI{Dhyg!ZZS$w#nb}nztj5+#bDZ-t;C|EPaM>3d=hC;K5r%M}U`>AK4X(Y!yg# zgVy0zVoHyXrq6dvp9fj{DgdAJm;?B<$cF=2_5rX>uw?$XnFeftug>(K*{c9n?)@yE zKtqkm!Lrx3X4pV^&W zWZC|gtjJpjFxriP9B?ls=LB94pHq%JT<}ls)6t$=mxw+IK3vEf#+nK!<4EhP zKX`>@S92FQnu;>?VYgym&N44I`8QwVkZr|nRU=ekpL$cL3WV5B*whH|i^>TKM{@HZ zN+HfTCr$&p!k%r2@+nyW<3uk-&E9op0nV?O6z6B-EzoCwSy7msw9WKyrS2Nm%#JzR zT&%Q<^D^J2vW|vPH*%OW=8^zP5M^70fW-($JxTf~Wx4D-;8<5451AzRYIR}5-T{i} z_vFb}z*VbZ2K)3sxXU>chF0}fXK`lz??}YF|9jv+PSH+ay`-BosEN}WmaB8YbM-yk z7h&j2^FW;{dTL~BGlLo`zM+tN?)SDqS-X~W5g*?`o%_wv28Pv=kW<|)jujyOdm=@M zo4zWA&9Va*Cj0P_2cWRgG_8ZAzfCnY302OF7U_=}MEG_IynGm?JmxIts$G-3F2;{2 zOA}SA?>(WYX{0_2(HPrP_e3Fl>yq~lzmmB0t}Tup738|p1U$8%ID649UuBS44b@kk zx4vDWs33%Y)F&pSUYy?3Di*p6_b-C_n>V>3pv4U|Ib(^2;-s4{IyZ_} z|B};R0|9QjlhFZ&^tpsCYt?}R4M+rG3G+T_M;B*b#E;hnDCEn$J0}17W7QyB@GHyo zXGM@IIgTK~her_bY~)&8yBDOVQ~-S`mmR60KL|7b#r@8G2y7L&hrZRdK|}gVWXd2) z=xB7}#ZCKg&QSg{tW<|;Aud-??8 zh}pi*6Cx~TrGU3J$pRvk==?S&+_{%Ls_B1Rye#=QEZ}(oe@A{ftE>7hxUAlNd{@JX zQB-?J&+u)Mt;Hb+oyQa9#gOBlwg!Ukl>Ep$c6tAUJ9m( znvPBc5MO-ot7 zZbi*a_RMpq>$;@4zkm7le4r)0mk*G7Wv>HXfjTX(ke-Rr{{pT>>abib;m9a0I11iv zHsa2VnDOIvnA5->0X{}Qo^ye0r4*pMna-0cU9S2zX-`?asv-*4x7jjO2dt%Ua@e?W z)WZv03o_7@HJM&u;J1fOegAUXJU}3Dv@v2pu`6eYxkKS$ubc-ovJfD>XVwDo=R4O_ zK>6!qv^BjbXdBK!E!IAxR2O(xC!f&a6QYL)P*a@@8gQ(mN+|-cOaG4QY=R{Xal;M3 zo+{1j#z>`o<-Eqff>?>pY*6_}J4c*Db=xmw`XT`D{jYKq6brEMR@p~n0k$VMkw)`6qy%BN@abi^V8aUbk zQIyTnLU%RwCm$b#-z69NlJRGiT6hRWG@gN&b*>_-Wm0(410|r#^|nAI;`JA#twbj> zQr$V6m>aQAE-z(4%UL#a^olge(AT2HFaBMG%;$hMw9Zj<|Mri=OPixlXv1YY1&g5Z zQkn3KBW-+0_>%rDE#76Cgqj5#-^UN-D z+;O;MTXn$4G;CuJ%6&GD_dwkzOz|g7_1Gb*gCzB5UadVUNUEC7Re62zvaq8%HKeQI zR@kal8|Nr;P0rcl#rPfmAM}LK7UQkv*_(9(}wuh$auwD8`FHREX4^(b)dINA z4OZF6l=4F$yhEZqnS@t_e!krmTA))0F2F0sV03>ev$>I85t%5U7U= zP3#}k*`J=S<=Sj5pGZ1dHVoKWwRm~lnT=qw4itELnp`AH3$4CrQE9(o99Bigl!;+nLpR4FS+eDS^ z*)*vs$~faRln@3bUl2G_;s2LACc7^UIRn7UF_uIW43u`7-4*0r(2A3+)30!&~*C6Bj&0daAHy+og zl*WJpy3A9l6Y%HD`gqc&D2`;j*Ah;r5_H!YRihmy?j3 zuFQ_bIw`zlQ-~&+KlSKx@l9|gvHYhpf+Jawg(NPJWb^j$sHTCI)I3P?N(2`O9ozN&!VAE+7s)%U($ zV7WD+P(Z|v^78}Ml|tZJyvRx$%%#qn0BR**&i#lK91s6eVt+~Ki}JfFhx7e1nC%VX zKnpv8a(~v5R{1)bU8I~RXTml0-DbCLzZY+^?xAV*T!Udd2)BDk`i#>4$jVG+BnPdb6^dBz*J9y- z!HF4Vaib{unoj?(1wDPu9h--fRX8O(m`gyf#h)hAIs==g)&(*^R8u1X85# zZgJkxVveW{x?Va;TAG|0q;rWtb;Q;An5}xWGG_}8Y96+5!VqziJB~+7?~d+n7Cxwa z-PybQq5a8Un`~@v&p}a6EmObFGex^MAikY^LP2KKWbcgbk^nlhR-lNd7#_YAO&!j9 zj{j2+{gE|5A%8?r2l>=OtZR_R7C(i5J#hNe~ItY^m6qc!NSoz>nh~w2$?lzmlu1A>Ks4G5FV5NkgOMB zdw|ZrH}!!JFI)~B6pOWdqMy=`k_@#h0>ieyZ(*X#t$1ZXZH$%FI}02abUvgy)S|nN z5W>;SrP&dN_2SC>@GL)YFNqJQ-Jxq8bZexe=Xk%`K>P@FU?k5Zd;Q(*L-AP-7)viW zwC_xX?+S(_=f9n1b3ue3avshlxnwVWt0?dpZzntT6GIbg;w<2Yi|{;U`QhI(uayW` z#$N#eKoGpu)SX=v%>Gf zk{X}DpA_mk<*}`Fl=NFxfw(c-cgM?gj9J#vtv9eW`ni9aP zU;0cNhd}H`eCgo@y_Mi?kbo=O7YCE;Oxo#tPi_GfSHFpJewk`uHc#853BSM%n>~lM zk;vMRv-O8_GHKc9>uzI~#xeb zgc~*p_OilkI}{^-8&r~Tdq(`p>zu|U>-@dZ`m)$!cQ3UbWy6(!Fhq;K&{G%joYDV$ zvB2sU-r`r#L;etoKg1=mY%NK2htkRFcVW6xhVJpGvbsMTPe{zPkvU_ek@(fn@L4Iv ztNYA)W+}ICvcaleDW5`hu%qWWtl96qg$kluN9c^m(wQU-25=)=Z~)ItL*4}UCh+3- zao`?3uwZPC%PbIxsbQ8`oq0Ibz6fe6p=((-MfUWQ+zPavcvq_4rBi2-q4>)t&7!}y0y2+-bIO2|kf`93 zA@KL;0rS+FS(zKHfHoJq& zR`?0lN*Z3_+R4&X%gER3R{vBQI+jxjMX^Er9DxLodb_VonJd%fi#RU_2k%&?+)M18qO5v*ieXFx#9k^zyF3E z??(sq@UE|LM|k7)K(pvD`!5Aa%45#003w&v7&lmqbJrIK!o?qZSO%ILL{bp5ffn&L z8tpuKf1XVv&_{?Mr_;Onk{s}S?A49BH}}c`sS9TaavTYh%V8CPBLLI6s} zd;v?TUqutsButvY;i*|N$yn)v#Bd|X9mgfF6kiruSx{}fzmRK4eU;|uL3c6Hy*4U~ zf$}T~sZciMJ!MPs*iATVWG3HCw?{ zVo0Sxe6mmN(OR2w?!qmRuJ+}{QpZE;u1(?6CpT^F(G*v-1OW)wf!5-r=zZ8{8BlLY zXrZ$X{vBcWszz5>aocZ>{qNy&j<=Q`qCAf2gN13P%Ip6Js z7na^R@)W9!ZF}DR|HK}B7<#>4@OpUobdL5izq*XO@J7U!};Ci$j zJnIORi_D0S^Gdsnl^b{Gy5qLA2RR!!;9e7d^oVn`bsZNTtZ`%6Wz@+azJ4(j zu?lcE`X-$D(Hu;#PtJU4$n4?vMvun0lQWn5)Q?VcTYfJ9V1)Sv)RwBxw&zYBH zzA&E4l_)uZYWj-XlYv(o#a@H@W( z(qh%K7Yi<7Xng=ZW2>O~!AZ@Dk-H^cFEshmq1Df&kiCS<>(h9x-5NrLT143%A4cta zV3%Z@3-2+Pr=Bnc^Heh3TFB#&PTv`Rph}K-FqG_Pw+a-Rs{F{JwISZ~mc2!m{j4{} z{}l^@+Tyrk*E?^dv7R!Zo0VeywR9((0$iWHrtBV3e3k#MJN7Rh!G!Nn^;|7a7O zSv>cOHwyggP%b?jDB=O}Cd)~o252?)sQ(Edpk)Ov>ohjwZ~@g0D8vl0UxUyf!Ie!bsTEKhrYr&7d70qP?zH|(e2qzWw6TE7?IaN_8Z&IuM@ z&QSO!;~sG{C1|8G_S`+a*hhg z<#Pv#ys-){G@nI!s69yVO8H%tc_}0(j$>4vMzDMBjlT;l&dCUAhz=(0axV*EQs$F? z)t7}*b0BK|d$fNq1LURbHgHWFG@k&hWj0XkvaR`k;ZvDLxb2ND9XL@Gnt-&eZQj!N z!bEXnWe*jUyfPL=@o-x>m%3HLul}x^$iHIyY!!s#a*K>xhLvX6-C{uqFzJljVfHM- z)D1fTm+V+gw@lF9ZF!DxJos^&UtLmzIip~6<7(p6-K?v~-m?QarxH7v0PJrv6^uBgHm>x08K9#fa+^=&HQT&i#jD{KR~D zfBfAVy>P4Yz>rFBl{E&yXfgFhmGv8_a*^y9q{`JEL$088;A_2vOSU9Lvdl1-h1}Nv za{JB5fzlOWX|-{bzk03muJ${lg<6uS!a5gp@N*@hIrxX8&vmqMLMorEZu@h&a#y0d z-3zz2B)*+A7ZdrjTm4;*?;J#St$(dBEa@`Z6ad;3<%&zCN{m22RF4kC*yft3CD?IW zDl2#j;vD4k<$c>-R}06uGaxzki{Walw5%x7@DHIwlFTi@FNw1NV+Ha6bQw~O9}Z&H zgN#6KNoK(uk?yo^k831jqtYJF_>gpG1Y_Sk5!2e}HwDeHXK3>iu7-%I`@*lFYY3 zzHQ+5oZ1UPu4_iqAC#&{>*1|9TeCqfVWz+72Id&ccm9$pGFZBrV9XN*$7Sqlw!k3X z;Wd@=PbIcvz~@!mkXoztJ!f3n0f>$G38Zntx^`!Btsvo@v4iRdChxC)MSFi;5i8c%47lTdf9&D|Xn0jed6Sb~-ts-6;!Mmk$;GHGmoTf%xH$%^ zL+U>Aa&@w;If_W^ClOX%Co$_n*}r@E5*??TkmNn^8gN!suS>tIz=iY6IZHjsXis0? zb8{Sxih`(5?piArI9( z;+LFqkmKA|AH=K2qv=E1mJmr$^!)_<7rxos8^^cW#?Vyt%mL`#9ufP88N|}a%~tS?O*}GdO$pVGV=Tp)bf*&zZTE~fTGY= z?5Qx9Y0IJyAmU)25o5rz9)tdK=qZU_HcqyqdgXeWW0=bl>~|T?tY7glbDasM_H{S;cC_+ z?cm+n`TrQ^zhzN095 zm+&4qbKlz2 zj@uK4X3;$rt@Srs0BP>-KcCKo`-Uar1G3u41GA6t=ImoPrSM}IGEqT z_4xu9Aci(thF{Q;7Lb+(*ov--CPJCnzBTE0G*lj6+tpCzM#EPy=roNlv}IaRE>V6&xzkgnI;3wp|9)HS# z@vIR&QQf;qSgHP00Y{l{T&yM$O@7omu%gY42|dOjCw@^vEE_>3Bn&GO z5EjO*&j<)w7Zm(L<6anmTlB1|{u*% zs6%LiYP`Ns$M9|9VB#$+YoF8Pw?qHr2GtW$N#?R|8pH7!LOy5VhhZ9!#k(Pm+4TNe zEgF6uXYxWF+(PS8`iXPg{+8qCm8H8GrRLw}SO_d{V=c+Aw7O9jC-IlgaW|JnndRh1 zB7bz6Rj!;ZI7dWxRG$X+dsUuM*3>0&`lYcCL)Bg43Zf~Y@YLWB(F5v^c;)pP*w{Cq zKIX-2i`NnPC3*U<`6IPHGb?@f^qjN|YH*QOKwp?xTb~p*UW@gub9E*W+p8d3(lq40 zjLDbt_-f;6H^LZn{Ax}+eSOg#eHU^c30*R&Zvp??nr!GRw##PRvtv!L6fsC%p z_b(c?6|G$M^J6*sM3qdOuFi>&=`t?w?GF>evo{{4gx3m%jrAw+WT}>BZ9t6`6j#wSW) z;khi7Sw`RSuHhsBY|%&Bt8uss8q%=DoD+hT^^>pVr3XVaiqDMQlKz{2n(1Xx*3|PN zoUd&**u0Ea7ZuYu@O~oe9dBa|RrO!OVgC$L=UcOHt0oVy<_)h2=h(PgU3tNoLD$GT zN#q81udiS8I%g=BCN=O1hvybKyW#;2TUExwH+2a6BQb<$tJCjMmO9z@(}&y71!sp? zDKWxCCTJQk3Vdue{q=DwRfbn>5Fyq)i0hLy5gnzTVqVuWn@Qtcd;VqnWJT(mbqG<& zqS38~=!o=W{j~}N*9qt){!zf{y;|m;-Af+ZKfH}TJ7Xs3uj#!U{beoYlp@m~soMu# zB~I@^vN6LKzh1O&fEFp45_;Ct6?`}~lw9(ESa;(rfoyk9sNQ^xDYUx2CP2qh>^;h! zZGa95bXRemmS1%_9TUrI^Zl%oHqu<=pj9B@^no2~S7o>Not(6bD~&fXd*^t`JuicV z9-1_WP3)X7yUI>Hxya!@y}O-6E36WH^?Jx?n5;M%{i6OT zS_du-D5>W0$y_HLG%P}ie+THjr z?{s-6qL1;6wIRM}75Kr$eg{&*;~FEaWR5_U>}{e&99VXOfE(VzdhnxP{`(=mZ$I(q z8Odyk0}A52OujyE+AoXbAXn0xL_4yB&}ZLWZt+|Ae}t;&p)M2~fD*o6teYxYt32bp z`GPUV&6%X@Tr<-$xQge~X5r%P$d_gvP!>ie=A*337ZCuFSrJq!1A4Zz_q>x54wol0 z5o@SJ>%G#R2vi(ULt{2LTqTa`sD39&ZuaMuq7GjgMN)hrhL#UP4SUcUdlOBcwN96l zIc{L9*N0nK3|!{%BXfv|O-`R)BHQaZ6m21e)@@d;RI>$2XzGyAC%tC3nllRcURN}N}w zb83;^_iQ}Lm0D=g^VMATvlL9(i#1^gTfV*)e&AAoh4HQGJK&+Z&c2PZP(cu?I5azQ zT|WioOSJ8Qv`v3YY`u?45A18ACxy`7WS%p-#6{fgWm96Pd-qR4KYJ~FSi5X8{-Rpn zkC)Wplai{7#Ch|<)rQTsba(whfwRUDW|v-{%92@pq;qJ%Ks)D@Ie$&9FOaTn81={V zyQd_@Y-H^zNtvb4@N&BA`I{&d(Jk!(?&g_CFR=gZN64EsD+cdo{OpM@@sWTU;76EG+`SzW8>4aAd+4sa}z-}z=Ee)h7x6R_x zk4>j)m}=3cD8C(cqTd57EadNt)7QH{~plLiVC{S`9i~kblm3>-AX z?MESR*Iuzn{?Yb_%TOCju#sc+)^oer&ZQ;-6J=z>q)#%0zm7b|vn>Sn^PoV(QNZr^ zq)Gzb)33r(>$hvyR!+Md{=@lb13w!{xb@ij;-39MP3V!F?9h~DbO=c zFU>Kc14CvL?y%8(-o#ceyDoy~``K%iG~Jpf^0r4Fz=7Yc>j)~igF>NhjWuY!Rl7eb zcb1XoDD3;ZNGcO^&DRo*s0+tgSR`!5tWbJaFxFo14X9^FTs;0>!uBybeVI}z`WYn9 zstBEIoA+})pGYxG`nY#(VM!(PXe=OjH~>x9BWcRC#hcbqTN&YER_G?mDqMbf6xW-O zkNyQ`79su=vKG_!Z)4tDW?)o&1CyG)Uo_m#s46bxOX(uX&G@z6ZM(3k2EX<$hZM!^ zCRESD0pl6qJ06myO&>A1#ab*L-MCDyqkvUy>34h&0I|C4L8Guru0mk|J@=daqCYzVF0Ae} zgraSRB!voOLKVpku}O47TO}j&SukciZS1YPN@QR}}xA;?j>6>wzrxnq0rTqx|5Fgr-Lh4IeD?LKlKqhqbe$ z&|d-T@eA;gp8zmpE2)9a!b)(p1p2$8GCaa(vwW%NF156EQ-y$mCD+xm#>F4S2z=M! z#ufPc`m(a$IO~32u2oAyaXd3m?>x<0solTkVB+?g(EH&hPrUKk+ZG9PGmv^QDTOkV z!B`u3U!fee2uv{6^N8AV?8tgC(#FcnCp{!l{1Egd)wI z2uWFL_shk&YKc;dZ*N;f>S^WpdbLnS!|dU$^|q+xQfEt3f9B};Q4c4Jo_$Gvh+^X+ zTH4r7PV2BYQ+c!0NqKBC71Ub#c%kl+W{odE%xZuA1;9&NP`7IA^yg&_@cH>TPknQh#@3*%H8>?)k5#V+eZ7OtcaHIzRyXPuUU zTFc1Ojb_Pz{_O~DTReykk~22{Zi(*G-mW*uyOc>OX8$*mFxsiw zVp^vr>6)D%8L1ehrK3hmK1Pn>N$-~owiyoxH`Jwo>g|)@%9PIRg_K| z@BZ~AKTEBcPmi!**ab@CPuyJ$}*ML!?VW>7E&=>Re87z#U?|@CUFpaflTf(Xw~-7P3?vn zd(9j(>^bWP{Iu@N*5*NV=dj?+XfY2D+TGlKYxAdndwDOv0vez0_?h+aEbEy5w)kA_ z7L;8K8K1=}-h4W>TCHCe-lp)}mu)0UMs5wE9sXKuhBJ@jj<}}wWXfiNBiquOad~ZufEPE>$5Es8}{{E zlZ*b`GNM@IrzvFax8Z5m;3zN zw=C`zgeMdJtgdF(0NAk__Q!ArHQqrygc$6xj26=S>rBH^#s$WZQ=vnAH{#N%7-9YJ zwNHTQ=*Z)5fHogB8C0iAZRz(8syg@lHSp;WNUzC|=j~WfN2H~w#%OX$tO*xBOCTie zDe`)&f5LPqzQ-hwwcZ_k&3A*`t>H{L-yI#!>p*ca!4JB8_`0gCWK%WZyz#Pz{e9+A z&rw+Gr|W9>N=ee+ZR4snqs{R}R`TsMnoEj3N3f{T*Vkzd%t6UvIf%o<*yd^Q%{Ib5 z-}>e)`CQDIxW4tNEn#!G-q$U??U9U+l*|M=dHh!2QiN%xe$_Cr;FEp;T!iM5|K`nu zL4mhb1D_i4Q^DzTGNO>WJSHaRe(F(5=@Q&w>o{CwfJ4NqBco4SsKpNz5G z;4jfcjWnX1yERk6>D{*Z%K!}cbRwq-DV5YL=1$ln8&hDm>Z0$FArf{8+YogRdMOtU)OK`UWp6Q1I~>z_J+?5a$^jjnWv<`P`$*0 z!nTp^feAPcO>S@k0mg@;$O~}s=hjxtb{(=#`yS{TvL?wed^CmBjWcM>cSwO_W1<#k z_T)2y%jyGVZ2k{&gW*?W?NEZSnyfhi2TBcDbahk2#^@K@iPsH{SO9J;<1GszyTMlQq%(a>mjcGDZ&ShkfK%%OeY<;7Yo6Yfr*(Nhe+}h zc-e2@q5D1-+)x!qRU{tkDr#eGOJ=Kswbk{|DlyX^8gS_({$PqDCd1JCa3oD2V4V(e zwPYj<$zGD(IIaewcPe*x^v_COl;@RH31Ds~VsgBH$%*5?!56P+mG5-@>=sOoS5YRO zrQV)trpL4TW98PS8V813;w+i)I^4nYuSu3{ulfm3kj6Um{DyV^$Pz4fzVtT~16*)L z%mqjBvE^sYvj@xvF&yAn;JGzt0hqv}tv$YnfB3s6n4+%1KE*Q^El!B{Wpc}#@VfBr zVt^XLD?;|am|w4NxRn!NDMdSbIh%iSK`uD>rLBvs&hZckl4mOSl7BNl^2{!R7q-jl(_+c8gsUK^NL zKfrxZ3S6R;-Tao_xT-E_Q<;4>Qnhrew`a_AqAs}7kELg8dvP-&Ter%aa1$S%aWUXz zXx-A$TR}^C{fKdC?OI+e()o6QZQp3wk*Ow$!yCgyX7^|fJcv-`BzU2qqkU7UIr<0_ zoGu!*JvskUc$n*zQcWwRR)#tw6AnQB$-a~KTm4a%U+o$N(#1--Cn!iR+oYbia{Fey zQ9xtRIlnZz#qjXInhEBD0n>W=RcE=Z@$(l%mqr<2cg zBw!+~ZUo74n3Uu#R!&>}o2AMajn}pR&c&M(wFUZ)F1_mkMtB^~)HLQh79Jh&k2afn zT}Ytb-o|-e{!BjEXYDRH+q8FKD^c6!i1LRAQcQ%bW%;8q+PjVOD~Gwh5jr#@nc?~4 z+$H0h_O#Wbhy28m9zf*$dB?kjcm3n_ed;mB-g%-2**!|pE`J;Jkr0_VRVMZ4`?k>H zV9OqnXR}bIiPQSRbgK{06%130+t(gvLsk)(3V4Z;C;;pwtw(hHq&cH=JsaG^$BS8Q z%af)>`oU#8)_0|viPFYu1Q>l%BBC=PI8Il)Zzi=vTa4=N_DZeaDVqpnQ@Z+EI66AR zmK6QB=NFqH{9I{lD<7iuOSf`;1ITOcNPmmjokTLSPFOTp7O6OjyNIG`*0bW+^xOS! zupM4axjsW(sf8MxOBf(@uHGn}C)(+pZuQ@sY!yQUHY57Jpa{K(csOlYMTR_FV*t)n zL2sK4#B(*`=`q@5B$-;{EtnsdpB|dwMGWKc{O(Vn2i%<+ODN1qQltSw6iv? z3q3HHKF87*^f5*^{e#Y|!e^FUuj^*Q$1mW}2|Kt)m=DW~AZ#R?sxjgkpE8j8nZ=Rk*y`S~ma99xB@v^~q})IUMmOe*gBBK^oi3kwOA(EzKe~ zVB5YEVN0zytv1vYML=9FjPaJzlftXGk*%{Mf6{rss51y3qy)?w6C-^F>ZhNq)C-o) z3Emp%i!R`q&obcCba$Mmr6<`|k3x_uPE$ro?WcEY3n_42lEh?i@8zo3?@*8Pq0jK@ zBztRT6k#fdV|jFFxd)0`wWVZgRZO}JX$Cm;;}x0w*&W-HT}aQV#LL_4Jx4~9^_r#c zT5rS_lXN~g9fh0ZQx7fA&Qv+~M1i=7EFG;q@*IWPh{P!{p>70k;7C4N$hGd46@()7_2K zsvSOc@NLHQGXeVCO#a{NHiV)e&QexZX392KFJ~aukAv)kSbBX={kmkWA~Nh9ueLL< zGmqH%3guJm^Hn(J=)|Ivu6-*?xqEufqy}?LQ5)6ab5yLSq-te3M~KHbv&+%bz$%$= z^fnHOBUVR|d0~VRxx|dkkZN?3=bE8?ub_4yJl0l=bay81&N|yp{asF5d*sLfjK+!w z2rN211-01p(sE2pKD!)vVD|K1j4r58t0hSS+eRb&D4#ITw|7ksqnJ5=VmGY

    HsC+yBqql+sRsuVIU%9}s#nJ9vvG~-)YIz1LBo2Jwh^jFqN{V?qKizC& z?xVU_(sy*SvVfgUT_B90PKKW{%OIa^VjvUJS#6=?(5d28>6GRi^)~jGW#~ILCkL(N zGr~KXGAVO>f~OHaUV>^{Dh-*@uL8Qyq?LjJLdJ9vCM=(B`b=5C+rod+Iwg{SgG^pq zE!0*M1*9{&a1K2RU)>CE=q`DQp6^YI?6cA*c9SyKXkZ5l=V*!V_lK8Hdm_$9=?C69 zymV4{)@d!(TPv*@G6Bogsfq5+74*9x&*dWfa~FnTq$pP)qPU;477uSG+79kai;&!0VjWb+ zMng?AO)}Y(tlI)@qOoHGlq>Pt4f1wzJY-pGaix|^+5#^QNn6lB{#SRDks4viu0o{sNTl1?Q&6C?vVO$hmxhGouiFraTsP{8AWy_V*&=(x3HM z&wbX^JM7s zAGy)}#|hb_6qmIJ5)&KQ*nQ%edZxygqQhHZ73Gx%T9*B`i{5!fgb%bRs>@%}y(Qdz zJKjR#_BFLeS)8ATbsv3hA@tQhqqA)-Vc!dYd?H(O#oC-LR!-Z)lv0&g4qqyCnU^lg z_mPyLrvAlZQ-Ddg?^C$YfCrzs_;^{RoZeaWNZHf`2Ly)A>j)*Ka@gkevobhMT=h@F+KcYzd=DW0R68prfthkr zwS26Nrz;eavfKAlDy0T#yXZ&eg7I&?q@W{0rt%84wk+u8O$kgvr zURd16oNAISiyQ_eCMbW~l&|C=YJXp{7q;~&e{04Pq0b6ti^{xoACkz5wS8O$%6g$q zw$@M!{b3?M;TQYpY1{hmY}kNgVQd#?VEptySD5st8H`CkU$W255H(0&1S9l)#naR+ zzvkl$f~8N`H;9gBE~RRx2L7DZ`Y@I5!UVh5PbKKr?ke4Tr`n*$-B_Jv6VL;f)n0uC zR}BaF`K<2uro{2~B;_CAU0>0GfaUO=8yteBxenkSUxh1f!PqB4)NiQQQrd&H_a4tQ z?oGX+28WXUPF$#va7d@6sSpdrP4pXAga=w2E2P79jtr|bXn)!1xb_B3pI++3O@n^| zwb!@i6$}ZePUQ?%FSvvCR$!6vC!)merrYdL^~8rBm{;8TX)NkH+0+ctuI~x=h+?cF zZ?0w)Lv93OncH%1Omx#cpYPe~6vPHR{A{{yS>e=a4B8UdJ~|cxEf*1AQxI2Zq4!)> zlKpi!Cxx5VqRq+|e*``=^M$R+tZ~ zheQdkdcLHCm*Vuo66M`01^K5M3(Z4&w1`IccZKxEQBCC7o+ri)2WdUgR)S}r--KEM%D)G9-Tbil&< zUvRYZc_Sthjfs|wuAKnq^1@OYvv?iOx@xLXG&Q1k0KjLPSf=G+=c zE%$60o$gw8N0te2PU1PM?Sxad%((aJY*t_5_fDxsZ+ujJV z`)3uDdkO2@n9|To7v%P9N60SVj7B~pxgGJh`RuviHSW)nmW~Z-$9%KVoV?9utX4=I zx=$q(tUC!)BT4_)!MjkXr%!1WW&f9<|1mkR~1pt8%i(45c#QJq$iR&)i zZA|YD+|wB;;pF3TN^0?wUnl6C?oX3f+~39BT(Y&cW?VQdoF-4>)(g+HzaKoJ`sZ@? zMW)za&DD}{$27O~R43cRseQ|>o|1BMrt94Y?PaH(-TXfu@Iq*gSgoaGFNQrn??vD{ z6eT^^{rq#y6J2}91bg6!r<-|ycg~0L_`W(0Omc!oLtV)JNc$MBn(524SoH$|ik8K- zNm^YWBnSPy`4sseD(OT*x_LG$J|BB61QSGi^YjXFRXWDnF?{P)-Oe(p(fIfKBm!w} zyk_|8TTHeHV?7>T61~_!EbE{5h#AsAbU0F{cNHfuj;+W%bm|KRETLsSZ`yINk+(qT zqzte#)|vYtXK6KbXHfQ}sm8r8phlS?@;O>aOs~L4{{=^6o}=&?!Oq*L+(MLW_~H#E zCwxhz=b+;a){W=If)`|&?vJ)Inao{H48%CJO(PyH5}@EGNZJDN%Dv}{<~oV$HyYG9~srwMf-mu2XBpu;bG z$vzVLxMF#`QLw@;{6ux{on}rlrhB^Sa`e&iD41rqtf+zaKxV!#wTeu-*R?mkE}?9t zd)$GssP?0D1Va35elpiXd!5_GzV-*ZXwVmyMq#Sca9aTEsT_nF{_n;VrgX7!U7MlrkaIRR2XzO~3 zJBCVi^+bC9(4}7dYY*idS*6ZtS&>}FkE|yBLbu96Gm3-~l6N}G+n8f~w^r(af^X!V zhOYw%A^M|=WN}H)<#S}Io{{22L>8YyiAB5+_2!f8#iwL77sAhb5!44!4F!m-6$m@jW2e`!$}1b%5|D2Dh;}bCv3mS zyfzcLCmO8#XwLt2X+yY${7~X|*rQX%$}4H@YK#qC$ja7oc3?^cKr^LBeOXDK&FL_32p@ui(rEJk?26u`+I;eMg)hqG%|*U?ck0qZXx7HHP%am9uw`PcJ`fOv zxIU)Rn-CowicEb$@c{9FbIHU$XO(cUArF1DCYo=0x{*5=0NR}Mf^ZFHcnRovR<&oW zX>YO{`tZxz`{U*w)Du`LQ`{UCnTJ0G^u};`KppPYU~*;Y?lNDS30?Q#lM0E`C>vS| zr-jvtD>ASA1Y1|x!HJDSUk4UWEpmO0B*qYymk`;Och`66yN?fpd6ua9^Z1!qE{?>E zj|{7+Hu>I`46TA!IfEN&(<7nx`zEgwM)iG;zIc%+_~Fg%U6kp9v*p`@!@}BvrwuNP zj6Oj6lVxY}KjT8Kk*M6Kbn%*#B%K`2`m1zmLUcZkmFVSK7Y0qPb$fbA$bfw*y$5*G zo(UWRsbVh8kx)JV==Wyp{4mvUG~MF17AJkq0Sj`5isodnC;fqNUE1%5ag!#< zEl=Z3LcEi`@sDj97@f|8&AL|rkXvX&04>{woK7%@;6E)7Ke4uVbDqj;vw>H~Lm1$n zB_f2~vEz}CBfCKNYy|?S#Uh~UuFikYk7Ed_n)y?d00Vvrn)UDo4ik*4)aKIxYTrn zqcg;-mzpC2(RJRw24vR+cRTsHR^z#2Ur=Ia%?Rse(ISZ^*sLS_W`1mG%f48FjVQV| zEqHq%F!2-W)|qbll-|E~AXf<5_%`?8ZHp;ULt7M0_-?Q{Wy0CvWjQIM!9$J^`w@*k ze*?JmPP)?MMV7$mS6_tX49qNRM?*mi(aZ7NV@3Ftew{OG5fdpXqkVbBA%XTNKQhyd zA&f1>GSSN;Me~X0?(*pmCHzr2O2~w@FxPkidOL%7U*)~7%AG?T8#=@P^ zNV@<6V>Rd-B`5l1=%>$#qg3~sZHo(rmzPqB4~V}PuV|rWIwB)LYf{e5Wl$0(XY;}6 z({$iD6=q~_o(7xnWK#|fC-%t-K!tfa;2V!FYf`#2<|8BvF%Bx<$_c~VL-VxB!k*3FVAz|SGDL8dBsO5*0Pc0Qbma~Pdaq@NBO zQK6Eqy>=a8Ja0hcx4YUsYeL0q+8bruLIUyqo! zEpTsn;YlyzRPBIe_O;rU48g?YwQ-#R7k>IX#t3D<0KV3NkFAKfOnd(7KapyBWAa>n z_BLaPhb4@KGli>4RN17TOgN5>1}LYCrhi~`r8dDf9=W&dCer5L+xuQDyPe(O`$-Yb zL9#r;?k8rGHEGC`WcNKa7?KcQu*}Y?c6CEI3ow8*E%DG_5BnSAc@M)NP&X>FkEEiU ziof>e;KPsm-rp52HPTmwy*1$*padhE07hUX#lIl>sT`nR9r3OjH@9{*1*4f%CAXs| zpYl)}CRAz5e#*&s7gdg+@awwss{O124tgPx*F;B`@rT+2cF%6Geht`q3|C!*tv@|b zg28cI1h=|F%Dj~KjtPASPBsl)ieifL_!doWxR-Y7t8~5y?W1+~UH)1TjxRF;O#}98 zvmc^4F$hKi_;5;++$pf3pr99I)#zzo5K&O*R+Vu{s2hZxHHbtvB9y}~dp9lCv=vbB zzstYXsq z_{-VQ`zPPF6?Lyp595Ml^xU`1o^Kvg)Y*nT!^wd`lm6>Nz29l)iUoP{cCDt0MN2yZ z!fZ8}7!b^WOD+W*oMs(nNebuF(AFbJK$~P`=M$JbzaTIXq33sf{yqD(j$SdN%}oj3 zK^Im)vIv?w<_)7dfmqk;t1}H$7ppjZkz8u`6}et=)oa_?VbK=fs>H(i*s*4xHEv$H zU}Mgu`T8m|e`4d>k^e<09e@3I`r^>ZwT69pYI#E5Ah5AY55zgE_!@iH9_t5#nh&wE zV{A}y&bmFH!c>|Fu1aaT596G-9I7J}7Oox)xZ_y{soE6^n&Cw!3!d6fY z5l?07FptB9L=NX81^TB}oW$j|A5AGD<)A9Tw8l|)T-EL3jpiicD5)svs-2LM=neQv z{*H1wa}tcj^Emp|n{tbtHE9#6`#T*L>}~t8^^^w3LB4dlP)*~*kED8E;igdNa$Wh{ ze)#vfHioxjYvMS0QOF@RD${hl`j%5{tm`4dNAd;dV-GHExwce0pVR!Q6JNvq=gdOO z5%&S1wufT_6%_~VP)77m&CVH%Bp9H$iB_M)K?H$pIYQlbbu&3aRtflU>Xs)KTD8)| zNcr4C1U?c3Tzjv?(T+LkV|aWO>g~_k7zKVPp`rnUJD(LDD~OxB-X{R(JQT?o%uLrh zV7ZRYj=`9srn;Do4$szW!l4h3VDCB+J7q^?BMvk`WHCd*JLP65CuHRt@&Ilmw`v^zRqYQanI@I^Z+T3p=}t1=2vEeg~}^g4Rk6 zR1G_ozr}*JJ~6ii->_OuH$aXs-UHt?Fkg76F$AbK{CCZqCm+V4e$#xdRWhH$+w<*V zqvPdPDq31jhxP8o9U&nhjXG;WNl8gBKxSpq1#rJsR+ z_QXjK_06CdtqQVv>*CT^b>FOO67F$~W?CWnB#~5CpJk3xTO{!D@wvIZ-FosmD&Gvl zW6m)f%>X)uGT*BGPp=#{pxN!&ExkWi$1C!mJ|PkF+ETrJ`}X=2m^5rWJaJ%xja?T6 zKLP(BE3!1e!MxA2qc0}W=^nX@jedM~cKzhAku;BRqREdR?{2rK~ zN&eE^N6v>HmRzr0RBA;Sdd;Er9LFfL+IqXea*O-Vwl&{q?ek|H$Ke%qys#I|!=Z8o zVv2EIEBDj&Ofyq$!=_!${n*UVcw=h#*B;%H#fJenFBx@7ZNeQ^jmAX z!vRpyhg*Fq$=<0c+z4?eoufEskO3RPm}P~p?(7{p@!o9JhD*Iu0hrJ&M+TS%TUVrY zo*2E&=hV%V=i^u_-G5g2g8cL^Y$(F|=cRH;{&lYY{k)X~+>!pzPtZbiegA|?|1JN4 zpXQ%1%D|EnrdB*n;oP1ry62Rj1H%>QXhG|mXnKmYUj|GeoIM>)l~1=8=( z{@F&KUA5{ium7`_Ura7TU_Oj1tMnLFt=jY1L+6PE+OfEAIdqNvKhI*hlvHqoy1va> z_wG3l@QDF0aFYnALKPK7mDAEs zvNfhD{IRU%7=iZsX^SO_9YD4_vC!glD8N0B?_SRQEwAoQqM#>7GeGdSZ`TY_MrhC# zcC7b-MGE>Ri)b9Zep~RX(arIkNxyB9P8UfX>@UV0YaU_ci^&-aqwTvxG{zb-h^d7lRnoC%-~_wpw0z~rVHv+O+_%btwO|3*3F-GpCJ zHa*#-rQ?Ol@bgUUt_(HXbG@G5m*)a9T0!!u1QjeA7WK6hE* zK$6?T=fcGbHuf1o2FG?osjb1dCD*SvK8K`aXKX$rG+f-~Hs`mWa;iIain~2px*b0U zRG3OsxlhtynCUIG$1C~D?cD#?n~PbMylkRq(2zgfxo{ZLc7(HX^De&S3!dXhZ9}czD<%sr6T^NO6Td)vmfvWKC}N!cOJ2VaPhpIeOZX_Tk@_&DDf8Z}^q67sf|A zoAg?hb;~{2?7nkPM&m?~)>_3e^5A7g(4yPV>Tz=}y3p8T&z143^jLCrSOCEDq(&Sb zTK}xB)~H>{xYyqC(A3t^ad2>WUor)^y1uR%8_a*%hv_9^K_*?FDXvy#Q8e;gTPM5U zGZcq3uk1p9@~BHPxi9a2HYXoaG?AzpKS(AKl02N`BH*0Z#}W{!VOy8e`!ayuhXhDl z373|P`H6qTsQG2hliPd;FAijg{ZM^5AA@>Imz~|yUWF|zxxUiQ8SuPuS$rGm&YN%g zm8PJqrvS+sN3Oqp+p$++gVJ}HRPb<+^qPdG`Ao$q!T*RUO*kZ=U5`x3{L^gPS9pmbHcZm%~#Gdv2lylRBbF4{no%rc;&as&PlHzXoEgO!~Tq>hRMI7F|yix(J(Hu z;&i)`tOmttRB!V)ldiiByP9vBhO6A#@c8rUipd-J4D$~Ir874k5%hXfDn{hnsj_M! zKNB@FOM9LhXWYgFGJnU@eBv8=HChK6FX3GxdZDetlR;JSrR8ko-2a$pxJ9FZj!CbnfpAhHmjh)`hRsn)%m)xYp z8Q1aGQROC6hxAMWaM8VuWmGT*%vR|Nc!35ogs+~2xgISPpTK2?I zdX#&CJaH$g+d+c(c|rb(sHZC*DE+-xB zJajLHq<2pU9VB0Mc&Q$P|`PV$s&kelmpExqM-q(+!>hGCV$ywN(caQkzRoGWEAz`Lt$$IFCt=VvqL zHmA@ec_>xyQV>Qi+4|VMnZ@JpFZtvm7+r1M6D%ptlh%9~eubw7EpDHTh`Rl&M=pA)* zZSiS!>6yN_?Vx;k*r$6sIibFEv(e2Q4{3!L(QlO}0)jiH!>1c;hl~vExom5xN;QS5 zF#__f9h6fQT;7|B<1P2s$WONg!glDR>l=l4OgBv5C&8Kea(Uzg*air147SWOZm-ZT zixCxf_O3|0A1B=1tMT#Mo9@!wPtT*Nlf+`@Qtn`|Juy70z z&N=;FMV^8{yy+gol83?ynXW$G0nMzBepg#JNd`c7@uS}rV* zobt(c_$t`i_O&&i&R>H^0x?lfF-QK@s^9E~~S`U-k}89A8jQS*q@Ir3*?HrGHya`TfMHTVttu zT0ARiKJoeu87?IR(l=MHB!Bc=@>T6pQ`z>{m7A1Ral;rMNI+J`hx>IXDjB=p+K zjZ$PH0#qSKKfR9(G)>u-ztpSVBK9sz7*~rBE?eLl={5YK#7=eEO|Q^6-j=;fE(V zxEW~U9jT`Mc-#^BLSH`PA6@pGKr1YT@bH`(p!g*P2DAb{=d4m?@b`me`>l;SP5;=G- zRQ$Y0v2F6Fht>h}p15W3U_|~FoAW@gHS7ct*4p}}6jd6P2%9uRu00CKTfiHLlWzx& zWY07Td$ly;8Qis6J6;&{`g@c@QaOE!77nC4ecCLo&yB>UFCSBshD%<3w!`xCO57H@ zB2V3JAv4=PJ=DU}O%=i#4Pa#hIUzkuC)-asgy#&Tq@9m5t>Or}MeC}yrXBQR8d#XV zh^@wTP>lUGTd(P5TW>_=SD;Lg2p z1U0Vpazy;7Q03Bw&?=q!2__GObk&G8Uwrb7=50jx>x0?`cQgC^0fjcQ3I9cdz(&Gr z-sNB2jj~Dhdq#K%us%;Gs87?%U6&WH7%+(BdZ<^T9~Y_aJeW+o={Wspu5$70y`DvO zk3Hh`jkqoUxFx1H%Pz)40=XST%s^VPW=V?Gg#2A-=tP*ji(ih-%#KW3%u0W)X=>6y zDt`Hol9^qhw!?B_=hrs-RZI&o8TkFF-o&H=|?PO+In$bTnu(bPU8kCB^>LL7$bRn2*iTihb3?J5j<23b#joe=L(Q`GPAr*`LLF89pt8n}`1 z4HXs1pATxV9jNh+7@VJ12fWQ1-R!&R8f@PbUSX2cWYqXDPaBl<9K>Df@kqFh2@|aU zWE7VCnmgs2i$9jw*q-+sx~p8$leUnK5aghU+R%WaQSw6>a%tSYcgN!_4}=<)w0V5UFcTiYgz`hKo$1Wev?1vlDuh68TD zj|JyKvg~?=<>GuK>KtAw5&QTY@47eKG21}FJ|7i)Wy3I8@Jl%zauQHR6Gbr}ziAQvM#Bd-zm;S~au>jUE z@dRRZ{R-h7!Zr6I>w_1)p!YfoGBE@02p3f5?~J&Da95;w=qLMbz? z*#S16Ub`aN8jKbL^fh^Kv;a9qN$Gkv0A$z!^ipr+=&h$;Js#dPq6A# zIhv0?;Rff*DwuHw-@7>i6GXl`+O9V;D3aRQ!5YPBX)3~Tot|~k?Dt1j-uUJ+N4z@b zSKD+mnhXsAht(@1uggP^Tjb^08NP&)m8aCL=R)JtpHyD5;&As%1or*rJj==)-!)dq zCFhUHHlJG)dQ~u8YwAGsIcl*88C@rDIQBG_Z`+&uZ?Ew;35!n&LEja}&)v4u$vGXY z-#U$Y4SF_5#`3X#6A+`eee5E@6^aRZexQY5yl811ujQ%fFQjVIs{+^88^2CZvfsc* z^@Hsi-l`$vI@VC?zBAKZyI7SRN)cF3sHM|i znYf?7bJ+QOI+Q3LxXd1LGws1#@93jF#T;>^BrCfW(Ki+UZrmfooj-9^vN}niMe>vZ zUd0w3DJ;@-y{qD^uQ~5F9ZM*~^bI!ta|ZYGRFo^P&j@Y%qoCPKS>t*CX^9#lc54vg zwRN7bi%Q?O#f?QCV;Jr!GIKi@+L@K8w!Tq&0=lwtV|9DFHp&7H_cLR>kTWTG&fY@gMI)z8X5?ZLIthXcb` z_uqMumsjtoV}BtPz;yAvx#v92^|`ToFccTr?F6=5{j?MsMe~aPlg>?0?1D!0 zYPj&n^V-ofZ_I3WW7_SN&_vX-+-Ffz?s%fRppTrE>zM9a@~+r$Zud81^Mpj{HDAw2 z?aqfG<5VVr`?$;-R5uR8dWPp-Is8C}Wp~ z21svJ^wwI099*-?9@}g)uf|`>a{yP#YTS5CGw(yX{v=Zv=lRMs-Q82&@{|Sf2JQzs zDM?%oHyiLiUx%@>i4PfSwyekwmMq++^qf|YK1B&y3G4TBW{!R1YQ++r)k!aU($ve>p_W^=t;+&A?e*x_Lm}(MgkT{ytB&tC;;EE+z0Z5Zm-dvf<%>A2spjo#&{(M@V!f+Ln@cu^6Ee}M5DPFlb!)%iEa*TDC z$?kc>sJG<{tE42`^^)84!+QQ(WYnAfd0O{P-!E(FzVY|EZgAw&Jah8o&OQaV7wO#E zT)JP`%Vu(;>P5_iy;HdpWwfdC`yDb&dPE{QD@#QrD^`{b)1DmW4h4+zOF8@(T8WPZ z5A;S)4$2a5>x}7rlhG*ZhyD1EId1ht+Kc|+v^|5b-S%V5W<}H`x+jRs^xwv&q*dRx z0SAih*lfVCtPdb%>FE;?9z1pWiZ4&!-O|smNF7mrYVm}L0zKoHz2(;K4twR@ayoeL z?>epB>GsO->n|UQG;b?z@~B&M%!o(Ur#mUa+!{9Pen*JQuM90wzR1ba=P9WxPeetR zAJP2Mcx$zS0c8g(`LoV1#Ni&{3G97@j(r7Ea97CDe`N_Ko{gR2yLp@nHhlK8{QWlL zRuL$375z|j(Dl*yOF< zhyhdD3wkmSzAL^Ph>446b!LeUWhcIF4?;;d-S;3i&V*Rv@^SoJm??q)vjqdi80EPFc}0m&|iK4b#vGBpZn$CQ9t`iJB)5QAdxVdaHWBkk1r5zme{b^x>RE3>8V4F74Q|NYj5tVep^Mgiwh z)b+W>dhA_u2e+s@SAqPw>iWZ-FC% z6FJ%NM!W7n@^4GI8=;>4s^~{|@Z$%XQ-urPDlZGN@%@gWr!J~k-3LMWW|CjjQK`o? zDRwiPPBphn3che%9Kb<5&)I9aq@tQ_v_!&@doJypTRS5hH=?-Z1~zFk`PV#yEwc~e zWZOTbL<^Rt4VT(m+KNU?HPDjotco*MzRMfyfIX-O4pZ2w{iDaua{{E4Qu^+&C z|H-@W_gBr4{f9yF(^1o|zedYb~uKpyq3`>;GhQ#Rgv*>`` zQ}?S8Mc>p@G2#13s}|3E5!@$E^;`4mW;8A%-|h*?WG0c{m-n$NXOkv`1eZK3h)$!VbmWH}#*vwwy$YvXc zz^)G|#I;~xf5)e!*DGsBT&&zrj}4psB{#Q>+zT2;FX*Gr-;SP+e#DrVD0ve=tLwk= z;PeXPGbM$;xsr{*N zn`-dfjOJ~D41quzn!XtOTyM{Nima`z8Klp(F-~xDBnx|cBwlaq0&31YamZKrw;krt zc9AFPra1R`Cg@_}ameEi$R8t9q=g1i9mDWr3Q5yEYd?SxO&`;i?Nit6uRj1`a_b?n z7~t?;uZaNF8tDh@gIzbzPBNw^Ygou-_wEAR41IdCzRCDL2cFZ{BmE=ZUe{`JD%)Fp;1enZfbSw4R?`c@2le(x5&Dg1P8Ph(`7(Bcklr2OpEj z+;KAH$ed;*$k}(>jyc`*5l7?%^~8Ywb|&NKF>Vb^-C;V0^@yIVzH4a#;YJQL{+XU$ z-QF&DCXnkf=Yq>p9aMYg$(}5eG)%*l!s6Zhij-;wf30wH|EQ3~%zjV)dBJ#1>Edyt z^B{`V!TH>DpN^*95N6YRpdcWOQ1wKh01 zmz{SIcLXM9pS-W9>znhw_-(X7us(xA{XMfTaA(m|e7uZ|qsf6d>id28IB{VQp$ z1yc^EZJs)tRAhd6FgZKXqcA5$mB&ab-f8s9P|ykVX|SC}iv z6S6DqLNPNs`WSxQ^v>2D)=WNLNy#xeOsD)CRH?WDamMd{aL5=a-7^bXd-iFuHE`7; z@dLQ=Qf*Ij;5qArA4PDRcW+7JwL5xbUt(!y^fad`&AN2gd154s_eneom2{cf+0*ch}I$>C-m4 zmlC8;Vfe$H4iL{AkkS5$dLsYFd5xfqFx2i=mB-pA>UgLN*{(JXS;;|o1{63Up(2uz zQL@I=7pVq=B|OyWdTeLf#fy7`VbfwF>4Qur)@r}E{Ot)k??L)Jsqq*c^n_?H^Tg~0 z#EnSBjTns-!)%qbv~r!1jI~5z%f5_U^f0CA_G?4NNs-JB6VRO;)*BT-^zx`Tp zYcGDzQlpqK6WrEgIyE)rR(NTxo+!CUiE5q)wxkT464+01$$lhR`ng9MHm5rB^h&N~ zEa1ykh4q)e0t0v*xS3uK%=} zC%yQ6@z>3{lY1v;XQDv9y-Ho7vH0}lWOstyvw28pgXt9adP3Egl1&;>be16c_C241L{>%rF zblE7VLJo$|GM~gLs%n0>GxPa@mu|`i?A$IIvrHGXu#*P{y0*5~&AtB`!7~=Rnqq%B zDJ!BTo2FOhJl=`R8$rrac58pxEQgj46Ioe3noU0+h_8WTZO0$~a;#cEs%g;&kHoOf zTzMW&`U%j9RlG`1m0Y^5DZ1^l&pO20=&+O|BvMT|fgYlMMul9BZLWKnT( z-0AFLX2c?>|#p4@*Ql6NcOpU+aV)b<&eB?Xe zla!jYthK>^&679fk)`U|M`e@4Jpm_As4I}Hqs>RNC(8KO7LkbS>XH=|72Vw2uvtwr z!AzHG!2g=a!{oO9@?Ts4>C|{$LbOfLGYDd8RPDmR%WG&Wg~M|w0s<|jFv)!SROy17 z_I=zut~)TDd*~hG&XNysLxZ?cy6nqa{3A6jEy^8jJ}P%L)W3tRODiI>GLOP4A_6S& zw;Y_D;|G_e+KsVsaX3Ky6h^(loz?v~bHr;m z^gd}hx$WOElpj8RbWywX-^F8y55F~+XNZ^5yhWj~7B8pyYiM(3kWo=7`T3JKH;n-* zSm_|ZcmSyPx0YQOBF(O)2R;glZ|m!ZaBy&+BqiS$ zOjcP;(i}7;6xM3O?F@C4mER^>$ERwAEo^RWIXv7rNJ&XGX`&ZwZRIHmAQa@PTKzDI zg#!uQ(*dF~ZYlI1g0aR{XS-zSz3AN1jAy~s-Fk_qtDA8&?<@9`4FpO9m~}1;;;<%p z)HipCfT2*bFh{28N55xJ9adIRk?NcuVHg-Zxja`BK%=mh`g`#LoE%ajqkEoT9QtXNDGHz!tZ#3#AS=Ca zyT79c=tE1Q5cM<#DJhiWwtE&}A4&JhN@hjdUFgw5y^^x>pVHEP<8JfPXEQcs_{;WX zSOT=Eq+!zoR%zfO5P>>zi2-0p40%%735v@OtgNg`jl>s=!^h1J?USe1WA7v%)AD?d zLY5LPt>h0sixla}mu1>};YpiqXXENnSC7r>J-W!6X4e+njq>vETuq-Ov-s!6AY@=` z)|kKYyyJ0IrNX!YP;US19-<}L4;o72`-24K{med5+K6$V_>>RaHtSoT!e=^b&+&AwLhQT2r78lw`2Jk8czqAomXyYS407h%~ z)Y8f-{R*}2^N=aFX|-gpaWy4ylT3#KGcrgJOu^=#8=I*IpkBNIOg~$kq~ffzhKX_D zIdfWke0;$2O6lqfKn<{EtvFQd3C)k>eMqn(rJ!rX05zWf5*c)?PA8b<3}i7V=8Fux z#0~U-WhNE0>I^hoihYfA&ju_qC*ioyG64fFVH)e->L>=jNC z{jrRgFyO<5T7M^}{~4E@5+c(qn^jUqYz<&cXaQYaZ9Vr>d~|0deZlhf&mU!&&!0ax z3Gq;ne5>KBWv!kIpJUpv1`L6i&)sX$;Bp2LGra5z zoWQCl_xbZ{7`wJx8VU*u7{I#HmT4C@3g!`(Pn}J`A_|>l=K_?RM(s=BEAD0It!nQ{WALMmv@ z`7dsVu9X}{Ko0w`#%`9?w*d?uK)V5z;)3qJzKx9yBk!j!@+YiTUCeg?$N2X47HX~m zU9UCxK|%tM9S*Ddg{#kvP4hJ7<1+5<{J`4|rErHqiQkI3;#Gz{D4&&-PNBvRRFFI6 z@oA7sP^o0f&3z9L?Y-ZZANd&mf+rnC2P3#Jr=1avKFv&&$7)UJZ#N{4th79izXADEDooT8EXw088mY5 zi&p^l*@_f|tPZla|H#VvdUN9@Re`&4K%VvP$4E(W@#}agYDth_vE8LQBk&je4m^;EKt$LDoGysI;d*A|PEOrzz;<>|ixN{QoSij-tCj{gZP!Mq#^1;hn`HU+~Si_%YOzt^TWoN*Wow~{l@hvmBZvd>zAi2t4 z6eWBY9Ds_yetbNtrsv&rb+kawz+kC5VqTh?lS7g_{s}-qSw5=d)pIf$$z*=nDFDJR zE@mhyE6c9gBr>g@)656{*4A>DCBV`#HwKQITPx?6%B)xt`ehRV#Y00K57>zY0Hgwp zx)$ps)m0z|6n>Zi=X%G!Xi|(z(9W%_j0On!hHT25rZQ-A0I=YQ$b)FAR+MGtw);Q} zd+yVcWIAW71Oh(E1O*>y{D4Z6(|j`EC0{qe{RnHbS7yNr>&bD(ilk#^j_{{HC0&*~ zkF6U&kEN|xH|wIW3=0c$hcxb}R~f#5g}uC&m6zW+sAx}MsS$Nnz7jnN*(jbd@;d9M z1)X+dPpc#+Cu=u*r8IjzBj)QUvwfoYAaBS$bLysl~tVl#n4WWb7UJ=&T9&IuGQII)n#12M&+7WeZcUb~D51Elf$nJ_KB_>NOoWcz8V0tFYk&>~Q3)s2VF<3|Lu! z$9uJF$xAuTzue{n1tx$C@!QS%%l7tmBw+iYZf0x?_CJtjoDi2ki}<5~0R^y0VVa#f zHMDsc4Dap@n9n+=uTY57WgM%)AFrUIQUtg?1%QUit&-bgOOvv(K?j7_1|NrKitT+o zR-`x-sf-hD1$8hsO-;L^!-@5>4fv7+F2WZyIl!=cLUH^*hQD9~fbRfuPSz}oaVm!y z6`t5vT{lS)YtNkRpL8nc|v_=-x88@R1 zp)&cz(ckuWMF(K!HTz^wa==0VIN7!u|ab0Jx(L_zrt} zdw^JS&G%ZD22w_S1JW^e@(E3vW54;_t~L!h3}B;^6OVeQ3_FZDvOkv?3>8do0gu1{ z&qSxEN5~aW0)8L>a)2=X2RFBd&lG|PejRT@l-8pE4if1U8~jnWsOeDB_!oBo(Yi&v zH$r@ci~CVk70+pVXzz&+c;o(-vjN6Z-PRPK9-y1_bad|kC)S|rC9q9`&vElpHA2Qf z9!9w>T!e0RVLG@5zFI_bVJ;IDU9W+-{zAxc6A9QrV{B#y>;oeMpo2Q#GTLtl&?20)8Ss;c4u$N+RA4AcfhN55(1vd${4 z`LKrt1QdWc2@-`sF-K76{D<$~@9HaB=85mZzn&eR?7HFu(bdDH=0pmyKxex&AmT_x z)Z39N>@85DTJ{zQYM5oX2X6F5o%i7DRT}rdUiQA$i3NjGZAxMx{s6H_>eHt;fY-k@ znCJvqleW9fo((l8rBcBohEUFu%sd#o-MmF2`5 zjg6r&7QoqfEZTG%t1j;W!{zn(5RV~-lnPDNLEF7Fa){AdHDwFjYR@p;D z>A|mG*82)BsnZQt3P*&6ZG^G5>F#?kK0 zpOY(G@zwh2q^{Oc2qMHAEL8uToScY@uv`S+YawprfjzANV6e~ZzdO#s!2y^J5&`F6 z0AlBLeG4T)VXoerEWm_?B{k1j8G}1+T3yu#HU`S6s;crL09rYx^4%K$MkU^)%wewqNX0*;OC{Qro1>!>Qps78=K2?i4@RRR_GL7! zI44xt2p+FVtR$9{@X5vtcaG*8BFKNBSRZj4hR}EMg>+DEzEBl}0!2KVR+biaArMqy zEE;XlWy$Yy$i}FgP0hsA@dzy#Pw0KG5w(!e#3Qod2zFgQ_)mR({Wf%^NHOhEk3hOj zF1H>-l_VtxO-)Ty>tdzz!5H5&z$I(*v$Kg1j-O|ReRWxtNwyBv3yzKKG*A$U-cYkpflj>Ht6-m}~4c|_mjTmIdrDu0k^`F_xp8NxZS%^pulhl4BCx2z5 zsj5dBYxeOtX>R{kJT>FPv9q#b?-n{Bhwjk3Q1|J#hvh-h18iq~=9_%Iq6fVXe*gIs z92V9D#RzGqpfi*#sP@j;Mt=ytdG2phUdWn9)ZXjwR&ki}q?i(RC;YbV%}&Lu>H^!C z$9%ly>|kmt&uR|@*TCAhHF}w1NxjgM(zj|;y*`@lx&#Fv7!_a3%RhmNqg|w8tI_KJ z3~6k-?LP-n28K)PXe<98c=5{ie3{|{H)s^Dr)8%6Z|q0Rj>cL8Y1wim)LuV+{JyN~bWlo{u1^y36AU%r5%jfI6Hbgg)i5Hv zih+TTk6#aXx||q=7y^Td9NOp^ndO01=P;0qwQ0aQ2jSFI=Uc4X(g-@X7FgIT>DJ?}&D1Q~M zD{`MSWpjo@qN6k35%WM}G9anzK+GByN>{s`5evJN+~@2g(&BqwD39F2Vj?xVQu83O zQOSWJ)DJ2wR3us1)A+1_f+3O8v?!VfXYS4Q6Jug2g%P=W;;gzV(xw5zx?VWt=98xR z!TLmuhYP?rQo)<7w`dav6}v!p*g$&63&mnF^*JrdEaTrTpn%=Bc059d9LA~ z0VFgkKLH5V5P)v%Pj)s#R>9v=22GGG)MhU-_8w;qp{UreaHBW-9RJcg>nbR^VrPfn zew`fZ)XFMCO(&;E-@ku{=a$*|>+)q3w5wa!orx_^p)uM_$X;s@C~72fz?q$!E47}# zE*V6*Hf9AiP=SBPLJD?LZyHJ~0;ntkq}qb|<-R@zRJnrH>%Rs$4MG;g%gGFU2jCWF zpellX?!pOVLqo$zAz@sjC7kgrMl7gjHf;BU3~6#h@KV6j`fm?kx3sh*Bqk=BHs6LQ z=T+kS54{-jA~{&8N)$8tYliQlBD4(Wyu%b~g7si&YfA%*p{3;+^xT$M&V1<8wpDra zCen834KHu8oyBm^^=?hw8Nxqn^e!&nMw3^07Z}_sBj^-ei zkO;f*-MV#)V$!Z7f}LE*X@Dhb^ZJeJnA?mS$ARO=@0-7<71enjXBR*LxX|E>uOX5G zQM|Vv@HPVw?odbe#rAgrMtrxR;PI~a4hk?QD)YIY3qqH=UY!?~8L}tTIC;cacok<+H#)YE z9hY+8=K2I1Bf{3U5E1CC@%*{(_z19PEI=|rs+I`SQdb{0D}^HLN-riWYb>gSgEAVQ zfxf1{|LH+c;zWV!O)zRCs=>nDy$*fuv;dp1@M+ngJ-WzZYQ3O(oQQznOLVj;!gcsA zA0MRL`bbVg0>4aMKY#zM{I0UH$wbrljaTX7KK6GPmy~@coGdh*;MH(ZR3r><7s9$u zsS{06#Ez@!3H|Q)z%%t{7tqPY=|OZi8!KovI3W=I6rBYURpWe4#rBKvgNZL!JKEbH z2nkh+AyZOPtbr6TXzw(z37@-7p{%5e%37&KMd+TjMIzVz)IfkyP#8(T@LBxgx6QFK z2UIjXx#x0n7Q4jD)jtT`rv(a;dIC z-43CwwX4ej0RF^nQz(JX#=B=mEus*1ixf8`HVQHpf47Ff1@7_khQq32q2S@<41q>} zPQ)0OZ0w`PFlMy~A!obreSjWWZ}JUr07fk?8dX$Qw*F-m|LR}9fq@3lIzD6#`+ITE z>4T@|Wj@&LD6Tytr|Lc(oe$6m!GB4RgDH0r7*YF|74ZuSx(TnMp`p13Tvv}7atH9tV9?!XrNh;3{aRBk@;2+)OztDsTOT}{V%LQ0p-+9GE(tX?tHqANXnMeXZXO&IJ63of@n3b0^Aau| zHSj6Rdue<9Gfl#NxxPFrD=V#BoHUS@@cSvE7L%TU;R?nb0AsZ2Np*V3-Q69!+Ye87 zx<{*A1vm}3L{ecFDq2)*p`Yxp=^ky*qtrtZP6IY5I5b`N6qT~oTOs2S3p(T$j*pkx zyeYS12DOI)o)jcC=)LcP%?u;}EjM>41pk!Drs#mASp`ACf(t*+tWVz8j_pE@igJMGPaN09~62$49Y0sMs#L0LRbk*E`ln6)? zAm;?u)YLp}2NlPD+zJDN@jR@l>k@`qK#2v=W*a>RCG!3I_d-rg746}y`OXLCDbkVF zD<4w)j)&~)wLFC%+&$$_V|@Rinul?$=Xy?gQ=Nd;JMY@dJmkBhLU@9rNOFvvCkhG# zu-|myiWI^MfKFG2b0nb-vz!q%{qP#t1p9S$D0b^$Y}%s=IHbx*3a)wyRJ0*|Z*T9R zh2Gv?kV4hkxy^t)6%!S`0!kDtM7Qmb_yVWTA7}7kN`x`O@eUpysHb@Fmg4cET4o<$ z;4phv(zv6Zc5`xaX5nC%yD^DdK&{+stemYrbGS7(QFMWZf%{Tfxf$-bn)=4VLNkT^ zcrDDd0QO|Hh|kF{Gm{Cj;@B!BvfnVNv!&%O4^LP^LW0^I!E-K$p!d_!RW1@$FGYwn zHFokC0C3lD%{3#010?{=DWc;)K|_rHlH)C!z!FT058Vf4>i5Dzv2(OV^;sB7-$MmD z#8`pB3JfWU6tHK3i5B|ZaYAd8IWLD`PaPgqUvw5BkS(2^wqsk5B{m4~@jW$j3}IA- z%U0tZgqv@AX6Du0bCuNorNb4iix=|pw=VUk%AsB$crb3$S=P!kQN+!G4nia!QAjJw z?e^}*9e;^O*zbG_3b<~kysI!x{X>IDTA-2BZ0r_E2<>Ytd$)8u-tG9|>lA72fi!uZ z348c0RBng&rcNdgV9jnaw;LE5+H6igA!1VTkX?x2jEV)U(Jg%PxzYa)uSsi9Fre*8 z*n)PUg~hHX`&Rp_qiTT?S8Eyx__nV~^J9i(vvD6YDOY^ml(nl%SfKv;;j!|Lqn zO4(do80Q~FtBcDUb!%0-OxXN(x6IDMda>u8wY9aw^m`0*ep4O5h@c-x<_tq1D==VI zq4w=8`nMM#y3A>h0X6socK680h+Xr8)oz`<%^4pmj<+?JfRf{L-e&?z%*)FQkmpmF z5(10qh0jCt+P7?PIfh{L&4064G9&-*7R!H#z8L4CDh-mUKGqttn?Z2`yIv2{f3i=n zXCulJaw9+f_*n3$kjlUDL#v*6)=+_l%E)IQpRn^Yl(2mtJccFZ<@QG#6_p40l$4Zd zgBnzk%t8S4QO-xK$T3d~+1nUi!vxkbS$hK5> zepA%+5PrFJ4UOv3R1-5VL_?Kga|(8L_JA@yTNJJKgpxnOxr6p3e>>1Sv5;a6HRJFf z&3psVdbG2Eig^$qpis-zph|&7POxUQwYA~O$bOB8_>_^s z2*H}i_d6Y`cID>g9(v<|)P*u%D3L5nGlxz{D7JXg$$w{|JLKE90RvMuSwWohe(lZR zu;GJJoH}>3)Hu_kw&CIMv^09iH3&S{%DOt6tEC1W$_1VKSnBaDvsa1tD8`tCh2zA0 zaIMzIOAS`wg-5IT-Jc+HLb#?VdxMRQO$|3jqukEcbl5>sKgc|@If!aucc~v1Dv#?%hOHS6y9ar<3;e9D^tAK0UJU`jUw^@*dYN1R>7$Q67(z%7ZK|WSe??>HZKc1fo z44~SMvCx~P-?L))tJ}YL{#+Y~fuUxI*u}ydpL=><{^^R9f`KkD@MiIqS#ol6Y}^|= zAf`}70vg7cNVbZcAsg{nOi3aQq|k4np;kcVnft8{v1pVv@J_kZL#_d<&#d#*38np% zt9|s`f&4Cy`ot>{tHvzxs!QAp37heqN~6|H6(B?k7MNVAFsZFv8%m&<6~-L*e8dGf zQEsFca3WerYXd|yzITgwaK|ld!)A*h=W!Z#kptT60&+y4@TQ?28}Z@sO3qT(t%oR- zl&6c~>+4%g&hR*6kVB^d)1W)96JJiScHrmh%Oj;Wbf`?LR%DhJNI~nBW}k5nOZ;GK z+qy$r&WWQ?)iXN!9bqxAT(>ZaNd94)^N$Ne6gV>28<+R8${`!Wgdvr1Rc3D=A5Q0e zGx&NE?B z=?J!3)hgpixW5)l03DrS=#>4*4?7zv;KWxiTEbVUWYFvU?)1cTO(iMvg*>;4p&)!43Loo($K2nR)~mAuhq}Y`?bgSiLlU|va*7HlF5r*h$kGEdXdYG&Rl6&kxdP@5i8l3i$TzU6aD7@$uKN+dXS* zpej6EObR;OM_ORr40^jYi$NmdCYYU_9$4wNa2_Z%D%>G^cpWxRin;OUFxlPN+rw1?k4*n)vASxRA&>iGwo9@+aTO&x6$Xcq(A04gYkI zG&Fo(e|e_rfA;5CLQ)bRpEF7(n#T(8bk|^x_l|y0b@l#0H&Kq3ogGiAT)aWsw})U` zNRcUz4Gz9-xAvm=%^8Z`to6i*6m$&kTweI|=jpq51paqe4H`bpfa;%XK7rwKvQ|ut z%`LlgZ2QBlE|0sTAQfAXbNf-8y4=FHcF6F;`NGl(;=#{fn zCBXg##OyB?umBc~o(GZh*8!R=S;;QP#KJPpKLrZa%El&tX`mM(76>0-zkSoocO7eo z$ztH@xCCF$+}Vs$iXz7C@_l74wL;Jx+S=PeAPAG0Yj10t-JGe18EEV#18KPSE2ck| z3G@O#$gjM8OvX7-^!qpK_tU$dk>f^r020An0knbVtp`uvxfIjMp&%5|z6QFk2uA#K zil8j!kD?VLlows_HyHJz9&pHu{F^-5m?3fQ+=Xw=i=K^0S=@Q+KqY zvT{DmJJr$E^$j%V@NH`~d^^IZF?P`jS~S24$QU=kzJO0b!JK2y3#XR+UrkmP)c2JC zware1+a(;;eVXx+8e9ob#_FMm}ri^ac$(d>B;MtM4~ z@i8p8DBm#s#R9&QX zZd@gb4~Id7Fe*m}C*e

    UY&bwFCCPE#HYmM8t5T6 zJ^nOB+ype3?0#_$yfunqwdD&-k&WT2g>ix<7w0EX;I40<^PP|?%!_u=#ZLLORl=R@ z@2;=GSdP~UkBE2%SqrqMIS`-p3=Dq3G(4!pU>DtEV#*v0ql4!uO|^g{{vktoVb0Xw z-t0`ez|D8U{xb_o!2&ZtPW5>dXd6@3L<*9Ic`752Ibf8Z?m$`?9q-o8jxGQ-82EP! z2qi#Xk6dDa=(h$^9qwjT6Qk_;&2Ot75kdDBW{$(6zgI6xE2?qVWp^h#&+eacoDi}qs(z)U0 zX}wSPr~2hdi@^Qj z__ra{e!!nx-7Cemo!~-4piPWWPF%^U1>6b<^TtNyfu{dL#~WC-IAHq|6|G}#-`kjq zhlRU+v=9&dYM`Z<9I&%!Ry>3Bh(dfWXimommNRI?)r7~NGv!=1;uYiH;;N2~G8DGJ zM9qce&+0hNI^U;lF^?i`tw34?24!*Ym?glt5MVfv&*tTN zE551sR`2u-Kh-68n(a}EzoIs?q-wD>kfS96BR-p<+M;J=O@(`Udg=lZ!xJ=8SSSO7 zgSQ9>yrdeB*H?s*H3CE|?qikBxnE(8q9%$Gb-#h70EhVq z95&wqfNvkxau0Z#WIQ|-*r=loJENho5sY&#x)SH{D{7g6$XD?dXq)kx@eKlpmB-YR zHI1=9hnO8598`2i3ykprs7S{Nj{a%BCCV57@wtK5*#KSehH(1=tI*QXK@D|{uw@ISy@aoocGr#stc{7M_M-%SV2@}+eBoZ2S~KwQ5HaA2 zRSO{Q=t@=Se!q`#F5-MZK`BuvYx=}6?=yH8Z1 zbog_G%ulnz;{)c%^aqbVG1eAWnn7XSFn#J0#}kinxa&JjG8wk8e=uyF+J*Y!qnwdYAmr+z%gKi*$!2l(x+ znNz(Ujs;Gwn$}id)F9ajM;BUhx8AS{n+=8S%T;3E2L(To=}OHWP0GimDjEQqMX9u* zjLJ|JO9K0o@q_%H$p`H3StPi)d(K>edOiT+LdjcigkOKZi6*3J6#|?TRdwR z!gO7nLseB3fC9Kxiv8Mym|#49G4`iHfRD0l zm7ziaWL-%6Q!oE*v4qO%leI{Z0ts@agK%3UbW6%w20PfC zN;#UHSx{;>a$VBDMMB~`YG%;rM+m=tH(iJjh&_G)yQt!_H#T*lzP9=M#70ko+|sqH zpV6g=R!I!VG@T327{Ko84-oVhcp$;dB5`qkhPqwp(H(M%oWD3&XJ+11r)Z}cU-N(X z%sS~3GuT@gX-5Wf2qQK zv{7QWo&ESwE#csUm>l5*A*Cz?F2k;vhsuJbrKPA5w-FJ<5SH8bMl$@|aYa){K3*vD z#G3YgAo_+V9L?CW6U3mGs3*(_HWlF8a~%wS-AKw~_G~y?qx4|XxpX1U850w88em*U ztU!46`LTaTN3?|mTT*XJ6t^ivaWU_YLA(}|F;E#QWvbLdB+VXi+nSXCtyeCHQpoR5 zgkW{UP=5BH;3kRF+7(hEbeXAQnk|l^Da)AQx!Kt|_=widPJIZ^g(jccAQc>TyPwy` zyPrQ76%|d+u3}y;dR5JbuP7_5t}KFqA^Ch#kuz47uC<)>?+v;dmu3fqE2K5$E>TR| z(WB(t!UrQ5PZki+6Xh950_HopUKLm zK*|8#4cI8k^PTt$loJLVkdjZIJ`HH1H{tbfv_6X!PcC=3mz5%xW^Zl%i=7mQo8oCD zY*Hzuq0WPAe>!C+wZt`O#Ec{Yj0V$BeQ&jY+@d!YN%Ru(>id0e%A#P|FXe;`^YA;q zO&Y{{F&A5hfM_^}*qPz?2BNPEeqT4Cq2l=soodUi16bn~Txw&}4jtmAA>w>#`+zyFwaB@<5^ClUk zJ;B>iYB85g8j>*&(EYHZGW6EOTGn7J5%g9;$@dJx!Vjq~X1K9`}B|!*H7X`lM%# zGn>O+))F40&(alghmN8#vs9UB`S;pQmk(+inJpKe8&wB41&}2Tn(#aAF51%di2#uR z?NHd1g2c`zFCrXxXB?5@r&$Zg+kT3j51PUb1y3!EPIdw)9&q9cG8*>={_=}4my)J( zAYfU0pF*W%aWwzcxrptFazrNMVF0dr)Q8v9e7x7nFO`(|zMa$g;4G^;>}#ds1Y`?AFEpnMO=SP88U8K0Oi zhTQ-h3oQt(;Ld>>vkBDjy!`wJe0(LA*Yw{sB%D9zw~E?XV7+9yz57PB*i5zl)}V+% zeyJ?8-8)XUNVAOZFZ#-kVMqWIQ9hHNJgST{(LZ_h$uBq~C2ep3pDfp$>SLnHOEng; zVLiN*fTrgO-rPnft=!Y&h6CjlKT^?XNz6iUcA^+ivOe>m!fhMhvUi}kg-sShKV zBhI{D(hTaM#T~yc-Y1YPo~g)RPVx_S5U?m@R-YwMJ+o40u`OL&=$k4UHq~Sp;Vqz9 zjJaQ%e}~J3>0%?dFUV@vl#eY?jdYjBWrUz;U8w%_XlH4>l#?0y!iG|9m;tH)=KqSc zsIDAnG++>ebbAC~Q>EMv(MulEG*=X7fB9g{sZUXSKpD^8UH-P*Yul-FNl8gv3ybcJ z>WeOq%V=N%O8@l>rJq8n1=371kS4>ftc-6B4JBde&j@~mtDuZ6WMoo6O@OZEv)h(o z_<{7=^sE^;>#>X#>U#&|wqb_$(q12aW|?uJYNTO4ddrD_S_W7fO_ zI!pFeyg6P!NWwCaSYJ(Lr#YHsv%??_o<8N^J7!rezf*xhK(j+`%6FvAtvM?8P~f8I z=sq9%ojrx?ahC$(%g))`ADEzkPgG5}YPNhUIH_Sj2W7_B2a-mUr){M(&`t6wCR?9T|DQ04AiJE>Xr z-7!h5x;o5L)F3-zinnht7#8lDMz3wJ9k4dOMPjB#URxQ1rD4Mo*6$#O3*2>dH}8yUM{(X zfW_e)sx$+&;Lg&YSqtj=CMP#mR}D{elJUSRTPSdh&&A-mGDFlE&mmRnu7+#Ttnw$@S!N>rL6hvo%Nb<6<1*9(UG7xRL5W(yC8!qhXFmhvQ?muI>bJ=!kM z=n%8dTB4KhCa-n+!#0#JnHwkkd0zU;@{wMy{ZleL-zJeO{Zs91ZU=m220}eW>p|I_ zm$)>F#I{d14_=mC6@EMt8!}S1f+=!-_#hTYEb?`g!9Yr(HgG8M*{u>oNTc5oWeqjx z)+k~nR6Ton4MW-Nd4O;u<%k;QE zXtUlTORLn`cxlT*Z+)z@W zI}?GRH<$q`cA-nBa>-=Nr#+1%H<@DQd}Z{VXfu#imNtx}S4zQ_4b+qI*e*KVwyc`I z6duQK~@0>)$KwVge zY1O5yBSRNlTkU7jKgm1R+f!tspGiyqfcIouMg}yGy1B8;8kX%T1J8M30ISsWnfvG~@T`%koaF@D#462P zFGsoK@I(iA{L<4+WH99KWNDO#MVQZPJyE!jZN2*Pxc{dE&t`gNE~Kco??$1?5hNe8 zF9Nbi(@8nlyWFm?Z1Itw@9~eNOtd*(+H0G%bu{z~cJ!`XN;f_@zL_wn zW`yTNnbV^nYf;var*h{C#!cF{J$K=cr>{vEx0MF+f)LLmT9)v(MVC&914CEuIX%SP z>vJRECLH{cKuVtX=i1xW-TElSsu@qea#lYrKGh3M0(Ydv?!26OMw1zn6(jqGhOgt) z^`7Ot4RYTuI^0HXuL|1NqfRepz)Ayc#sGb9xHE86pv+g`Hpz9ra6{p@$qIgXdEVTT zw#H70$|jD3kt!z3@>c4`uY(q!MX`@2eljEnB8>-(rY#7Dls#WWZxOCW~ z!9q&!XWeK!wfieiw3#=$lNcKv7+m0Z^xEV~y^$#sxZzx4y|ZPW+#@GN=M3tjkR*T)XKq|Gh|oPB8>xf%J{ zxL;6u#X$RX521EHXQAH6rLE|SIh^JSD}HX^m;MhB>nJE>Y7(9lI2hl~uEM3alZA^v zQL8EzsK&x8F~ETr>P|7{%xx0il-n#NyrNc?Plv6D%L3~!<&vuhIZnN> zR*HYJQI22kU%8mFCUr20&-WA2l{c3<0?ss4p8z$rS3<&FU>+>(SdiqwK%{5`X9FTB zKFHF5`r3=1d7H41&PJAzGrcJ)yXkmY5lPhUJwWyoJ^F!jcD3BYg3Dj&*U$CcJzi74 zQ$ds?suZ@lLrO8aPQP6ox8_ym+>u*;V{In%yRB9YO{^?U!q%XRq4bNi8ITPYEB- z`m?IQ5{KIH6o_mfP9woDWzZQ#gH`c@%VdDwqppGC<)M>Sg#$aNz`4}x={4ZBlo}5V z2%rJ{36&X#aUV6%e;`29QNLGy4#pbj_tyrirgRk7&rNP2w^IicG=h$1*W=xvGxXkR ztWLnl$&oIf?R94=D)k2stW3uU!rR>#=MTdY^&Gdni}P>a&W)1h z^BEtp$s-O(Zd#iBaf?OMj&E#1M=07T+H|!;dw^52M(2vX$bf&Uyn1Etp?4D2r^j=5 zw8@%?@wBDh8gIvI9U{H7DgySJ`}y2X`A{vXw6rOw8SW_-q7%*{CLcw+sD2u$G4ctQ zV2LLqYtcx)9DSh4~>P~L^d`|bV0gf`S>f5 z)J*5!^^8fa?p{9GE2TDhY9$Kwf&hv;_xBi|SZ7foZwD3yIqZv|l!O%Q2 zUnNe?+wu8$6X~X4;}&cgiHJBNd`-c{T>9y2M-rXiXrbwyOF->`nl@y~WvjL&E)Odo z)I9_3jogtDl|S9_-H?w>+3L!G)At2KaOh#3$?4%1c;&u){aOosD9_~N48i|3C~{#+ zK}bQNF>)j4?$=_7{@{@9fC%e2AF5p9u!TB=Eu)ofCG*2UAJ{!d84i0&YFUAn1Py6I;{ zGB3qp%uZjz5do%q!?!(?=g3kvw!boQT|sDCC!S_?a}AY^=N3mMo0NohTrLuiJBguCdk>B_xeoyS@#(x zi}rU9Yu$@4f@mp8Cv4;+A8F<Mm(D+b*-uG>mzY z{r)|zNqXQ$b8ZT4QVLCdZC36Q-M~Q7+b*=6w*(t_o7bPL48CVuh&4Ox7e%{cAC=bJ zI__N2p>6Woy>U{|XWV_2O(5W-&-#R}IhzHapvj6oB^a^DrMqpA!Vw=v`g z_wvGU*4(D#Yb&hlb>+&er%royKOd1{mECC-$i-bbA6)Fpsxiq6jx%rm=}8hJWYECB zOK$#^l21~+$4CJ?`|H;daq;PC)94eXlM(h`ez8&yMJ}ZO%+&uT7YU3_rDK_yDVe7` zRKI^8cBS~n(ijfZ{5(~~`)BHlL-+6mCTRGoygN)Q1_*Z~3htagjxHw5S|<); zvhPSOR0&?oBPQJJ5}%vL!4XY(Zg2EfASaWM_}DcG!jXw8$54T8km zhoP7e-iKNI4}Et>_9>^QKP+3v#+6-ixD<;J*&lH;|Axhf6Ems#-cvmYAuA6M7(-AK(3&1S4l%x!Ih0j1}|M0)2Ap%V`q^&kKtDujT`Paa#8EdsF4Y59p2Q)EWK-EDCw( z4{j%#JiC$;SFTxa+jTmHWkT+eNUy?7RPcy`D4!%tR#J1>xFB3MG2P@GZ|v?%vLyP6 z+;k-_Qk--hiKN#rxf%S3dM=HTbG=~w6|{HvAQ;_rHizEtgP&h;{NXEkc>Rz6G5q(D!F*@ysVIkKPLuzMsfK0atI)rRh!--oA#iSk^; z3XG+GA8({z|7gZnLWO&(o54Eh_cW<6^rzAG%0rR7)b!*Hv?5K;bwq-zA%TEoCaKUP zNkb;38ndQvA)Zm;K8DwO0%Tf1< z3$3jStILXtto}k5?lROb8VFX&xfkW;69>z6mV|F3E->WDW8_!KpIF>q!Btz}eHM*K!ohO~`_1|J8qFOta zR?Ya_v25C&mN5Nv-@DM7UwyqBwI!)|_L8f3tjL(lgHXT_M^zy7tump1>>Xo2G((os z1bG|d>7R{(($-8*_hSULwz*vbhD)Q6SowLJM4lg7jU*JgBhHu~yQx3DCVM&cm&aM! zvPkIWso4pEIb*#rO*gX$!D($4XL_`sQpOYc?QX{qLPQk0%rSpK*-jd@B64LXeZ$!= zWz#-#lB~T%uC-)5FFo6cE6ZaaU-4f=H4Q?QO|&#tO`@nN_cv3EaEQL zk6T%)3f+D!iO1evUIcDEVVb0asc*Z|KYzvs1gFT?kgu4b`s<1d1v~Ve*Zr0UtttX6 zGk`4VKrls`mj}T1`~qzqKc0t}@b#4?C3M|bb_L-Co172N1B22bA-AhJfJ`|=dx#(2 z%OL&i&X;>_i7deqOzAD1zdlJkNg^znRlBRG_@>gF(bZXt-%B0}^|Te)cp*6x6DOd! z^ltq#yH0`dO+%u22&Kbb%)1GqztueIl@mZKXTOjq7+2RYfq`kzX#BLKv<$kcl>7hd zd{#j#MC_v$b!vFmGMyovWQ-^2&^zM4p8c|h*ZlGv1PJ@oOwI8m5`QR)3B(R}g zFD@@D`vp^Lz*toiuI1JWIN=hIvl4g^@X5&9!AkHZPe)=#7C+l)6Ao7-{-HE5qSlh;C+sI$QM*kJGME&3^6V#6&EF z&^&Ng)r9>nT`NMqSj8w(oDU8TP8U&;H};F)xp9Z3Vs<>x-#-Z)xu|jh6{4-@U%&!s z{M&@}v$jP-B7m4ZanlYgm4Nvlo(epChy`jrV>Vi&7VFIDhM@pAJi0eC%QU1(8+c8(W5BvN{6e=D2=Q8T}<7i6jX622O-ge*%!io^z9Sy zlH~#5yiIl7*qK^jQ#C!#!nbe(#Nk zIKc@3-zj|KUk4bbkpgM1ueA9D0i_!lKv2~__@ERVE&%aCAM1Tu+NVmzSz=ev&~8{5 z>gmD9i)Sb)cLk`hy>se};s!mdbZi!1aber0d^$!>N=g?nCCdH=#&l6Ju}B_76cpt! zA+jR71o!Xbx|i zyrkY@fBdyDejNPkOw~b2I50D7>F#nOOl!E^pLO~i`%D0r=3LhO5n(sFrt)a{A11A; z7?3-|iLGgtePEHcoPON<60@@x9|PHX&U`o_Owi#YRtj<+`XUk+gX|M${4VXq02Q~sF)E>80k zF}ycM6oir>yy#=IQ_%2+Q|PZ7-JJTRoh+PvkE_`p;RZGU*B02tz}k*jSAKx~=Q8&^}2c z!1%g~9yL+hT*oglVbCP6xHz0zlj5JZ=L~~2?uR@xJn!+}*Q-c!m~mD8n*lqP$TVcn22Ix z{*{cZpOI4!Y%2Z;+4V2|3^+bJr202+fBGs&-CM0p9Nej6{VN9!DIt)UA|C9I4 zR5F$EdAs7Od}9{%TJd?95!#ngg$u{9GSkt;qh3=y5N7I(_`Rc7MB!OXRXc zXydL~-^FB6CV8aIL7cn1XCyUxriyH1I+vuZJm4RC^iKD&KYH@&mzo%MtuH(kcO<9C zJDWUa3ihhn@|3DuUCGc$hK5$6Bs2xq2P?P@(9Y|T)`dC@0ks}aau!a5!yUDq?-mzt zmFCSgz==|<{lr6zyXpFij6^^25{cL;&O-PvV(T{;?LsoKz9T-Zgr0oc77iyZ_PVx1 zl&^yzH(VvfA8jf8cJKrZ-ILNaj~A!ES0r+$mE28^1HX>}JLs%>d#hsJY~q*qVa4ox z^s{pt9<9!^0F9s7Ud5OVt=~H0^F?M)rb5`f3+{LHw?!gEI4&#<&5f5$kQb>Ud}i2* z`Vr0CIdsnMXJ4o;M(T!`)m}V28QVWUzE@4Tm4J9nRS=_dw%SO(gODVl((H2L>+X`s zKQfrPc*en-CzSId)2Gg1dmD_2f0^yEv%y~?d9T3t1)V4`=@t5r^9-t!Esd+RJ0nHWXyCcq+(gE>e%VBls%;wmEDbd*|gZ`j83jUvp$=eF=k*7RSNhuPx8yO zL}Xu8o_?ke^E`k+&#cmnPEOazKv;4QBP2r$1K!P_d;-bDBz1`W1R4LPJUJoOiYPT( z{xE#0_T+FasgZokNb*O}kX>ec$QFW3bTpczh-ZM##+}hj;Pmy#x-T7TiApq$EuFuC zduQSWVZpgmd9Eg}>-DZ){G#5+4!p&T$t0$Fci0FF zlHYq3GINyPAn~0ltLpSG{~#BUg+@CDmzXkHr|H34D^+oI=bKg)M?*H)h_%aG`Hq`k z09Z1_Nj;{RN`tWNV>xVi(^=+3>N6AXfGSiDNfCdI9r!W4$9w$==(#3^}}ChNL%& z9*-Zq_T6**;48MRa(bqAwnjz(=F2Ms` z_2-}LlaYk_T54l6IGK?LIR5yTIQa8i$>@Hyoo-qW)nCITZTc3Du6uYc6&9C1?o?t- z@unu)h6~$a51~mxA@+&0q5J4g5R0Jd^7`H zX27)}#SPJ%R(OrrvYWmxU+D{lu;15%-Mha!ZpzYV*K2iL7_e_$dP6socXl;${-OKS zK}CMAPctY&1(rM+tfFHxVkJ$Vb$$zZ8reH?&Sksr%-%)YsZy=`>F>^_Ye345AAgr? z-85|7f4-d8O=oS2uJwT@AtzurX8gz=p#TfR)7r-E2AXAR4H=BP43cP6hD8?R;-Wq? z1z6QBb*Tm+5t#TQSabO`^DYDnA2eohMdRFpJRBvEv<8CpDG}9`}?5J6dXf*^v)?F0f`shwBd=?e6DyTGboSItxioNWr)M3(Y;r)y*#WyXZdRkyhW%&3Q$8s*=GloS4_!E|DFdop!=J2Q z`k5JbjHyL#@!ZS(2IczKnj2H`O{4iYSpx+do3&!^K64MQnAzBhTj>`3MeXBpL!gA~ zkn`z}iu!osPp&L}UywJqkA0nwEK)0JRt)#sRfI|EKCBWsq^#+>uek3Z^EGyy`w72M z$mSkl(s{;xd~hRjdrMe-_4X*`HgdEFC`gI?nZNAEUhYb&r7&C&KR-ggH|R#6CYt<~J8U1aHRfOO`-nv@4!w`nva6I` zGw?E(iJso@7Pirv+o0k4;^3E$#p zIerPf-If$DB7IWFTSh*1)1-N*+x^Gc!rIOTr`7ZV@1b5+7%gry-}vSeTAt(BoNda5 zcJ}O3jw5F5AeYXFmhB<2*N@(zOVjl(#aLPYv$c*KX6#q#hSry5@`dHS$ltW|dm}u$ zu}+gl3NKHS?%j^bcpJ@lI~%ytx~4nNi&#g|1H2f1}^h0PptyMLy{I{0Q*-(lJzCkAI(kA`Rl z73jCR^UgZ{q9J*$@+hwoVLa3F+Xa5GX)NlK1oRp4=kGF?(t`E_hEM-~Pz z&sPT4-8Tb{{!~6GLCcsjvwu_CYeunyj*LRrrYa^}skAv7IIG6) zv{06=TzzyNKSV~nlc zmvXmhjx!y@>Exyw!zpfVZ*=oa|NbiTBE-sN-!iZJ^+#N6vtnNok)nluwe1Z~is^7( zk+-ot*eAMJTrQRzIPMoQ70uNKpWC}DxCU!HIoFdOekpP1#g*@#*`RzX-cWtyY=JKS zMmC~vKV)_+@^@4p8p4;^PlB6Q7>vdH!Ikk z{alI0mNNTVZyhW~R!B0*$YrOem6-$;NTjI9q-u$ZQ90}xS5i~0 z>wV(StoQ|Ik_F_mcE=HFJNP52j@`FQ>wi1y=mavp1X@CfAI{av*C{``@bxs^3sSe9 z!)+$ob@&fE#gr^b%g$TW%zqHNN1H9x-QeK8$F&$r|9!@H`16JMZD`7^Ge)Stmg4Y7 zKUebk)GxuiZ}vX0D`W47N4{oshf?O=1|@CF`5UlYiL2_|7YQQqkDRxAq=?c*5@AX*J~5 z#O)3*M#Y2s%8J0lHSF0av|sEE$6fXcA`ghvaJTt4ziT>Gc8YM|^7^}18(&0ev^K3aPB9Vzs&WL?mf zvog9E+Hz~WgAsAn>e@PUge_zmr?%khDi9T#eS(J*YUlhz# zL{MWCZ%<`2>NhEZS_M#X{m=O!?c(JR8vSwl8!FVI_1Ery} zU^vAPis0k!ivy>IllnQqQJd|_N34r3hqkjzhliGP4cbYA3*kf-ON}=4e$Pk!MgOWX z^J7;~g{>VcF{f8*T;tbsx=j4(lQ|YIWQsfrb;R}Wg1_RpivFnpxf3whdwOqh6BLj2 zv-W8)&Z6QE`ed7N?B z({>NjsJ$ukloKX?Tnzl>fjze=*Jj7NcBnu7yUiqk;a+xRk}fd%P^`z_{Y%tyw@nX) zYr!H2XQJ6!ixtbwojgG)JODcSpyk&oV;7F9L^VQ*Zh^0>tjrv7Z$qMA)Vjf4o= zu#d_5beJE8%cN5}+406TR=ncyp0Lol2zzmp+ilgg^&{^}j+M{DW~4$cLS=aF*Jjky1-O;nH_%+vhnly0fH-ru2CnSO_z1zhs6^AL2t?_YGY+>nt)r z0H|~WCm8FQkP>^v;jxY9=XuW@gY2HG2`wCQn_#Ix@UD3XXLU0-xr~?Maa@%vX~zw< ztzP#LITm&O!oU2TCat%p9U|?PXFF9AwM87gaLrSJ?xD1DIc2z+r8Ji8?&xxMwYKdW zx9>PuH#_yA^R#+yL4n??1_Ktcfa;{5!tU?Jm)VJh;$`c*oku@+2dJt zhA+dFNxePU;6(-weUr-wmns<0+g_KHU%5Y}xHH|_X-(RH>;7%uU)Q*!MDN^a_P1t& zpSZ_klJFAr=}Q%Cx9G)I?#I-Yus2Vr%OO(bnC49vX)FwIf}*!VS&I(q(9o>BvJ}<3 z29)Jhacl0=zhs#FiHY>AR-JHl^(#6@j=hdzBvCWd*CE3N=9UMKM77}z&vj3h)SU>5I!%YNcr}oE=VEP+QBFY)_Psckx0G6z zARnm$O*r%)gy*9P(vbx`pU=_QT}Qq7(=UCtFHwC>204y2*Sg{ z_v5+7uRj~B&UQ7y#vkeoy~=rnBPFR!9p&%M$Uo5Eo;`QCaUXFJEzYktpXCbdJFS|3 zyr#c_AY@{4Pzd~%c_uXX+A8NW@w-D&{Og0fYae$@`i+nlL=ByRu(YpWl8bKAmm`dN zum&pX$(Jc5MnC?@6dmIWoobc-kY-8SI+)T&dTMQjes#OyXgfr%kIa3(i(00;!eno> zPb^%^fKWT8ga{#ezTJT7AK^J9+_oO=K%W=09u1v0elVBdZ(K<^LwB*r?Dj#P)#KH% z)MJnR1raE1>YfUP?>!^!VibuGDdKQ&6x`RBtKd!8`({u_D0VjU+~;iXiR%kFtJ8i8 zcxTIHaS{%`)RZCOId%&YW(!ZC%@6Lx(b)eKhEYCy#?{?^=S=bUn)3F}j%FWpFJcea0GR3{yEAAm3 zeyKD(^QKpKFGeG$`f^4zi?wN_?Gt;yC*_v^DaIAJRd$-|%yF8j_$Wp^z%cNE>N}hv z`<)WoYN(;^>4kpr6BG*Jm|LvoZWq&yZ_kMp6I2zvIFJoXixvDFX&Gs&ug)P^F^iaB zVwhn!Ejq{Y*)pzFmiy4rej(#;$YXwLgcQ1?VEMibxI|AmQwRed?{v}b38oWPN(;&Bp6y0 z@~@5p=BG|@bEDqUb~vF7p&E{5Hs2jqaG;e|3z4tlJs=JlEQZualm%c9AB+rLKdXEm z!?U)cDO@t&Hfq;3u8^H}qYms)( zADGxt`qnh$c)cmf^LAGXQSZcjIZxzm*UlPsNA7i2C7YCS`;ul2aBAN#8iQ*@L@nD3 z56iRGK&**I99)Z{q*?g zBgtX5kDX7*VWhsSaKnQ99ID~zVS?ab1NP=)$C~!pfv^(E=yb+p#xY&wq7R{IDi+fBt3!v!_vLnM6lEM%C#GLMoa3EGeJ=nx zQHgOGV9=lE>R#is-gwBn=e_<{Fqkq(QPoeXWhFuyVX8dM@*zZi5dY6jq@aH;ds7$|1uMf~+^?*S#O# z!?Ma>lzCzY5{Ulgmu;}OVX_ObkN?ZT{(r0rRG{rEE`xF&FHn#H*L)e?m@@F|a`0H^bQsOaN zK}6MHaL@mHg+Vy~Ki4&OUcB!i9mPPZ<>pW`766QtEG&gA@31K8*Sv(xDb|hTWoZ9t zQvF+ToxqljAe^eq>QIHN@}jxNEUsHD^@{kYW7biCCmgl#d?a`4J!saC{yRzjVspzx zl)vG!LTGNdbO>b@?oBJ}iqVqjR?8hx>zmloa*R;nCVTSeRGAgO;*3E%)7x;S@1Gp# ztzfTi+>#+7#bt90PDPy%+k;O}FWrW};HKTC`a2U^#P@Mmrt^>)JITDUDOZy7kfxr( zETCJFmoOfZf4i=3psC-#wiPhXeBhu3DJ1pa6YKxZy0C?1G~2PK9J_p&Af=QvY35LE z>6#-3;l6xvFl5jj+<2I4YyH>E(egS)J89vXW1m!Y&ymie@}PoiHokF{DRY3%YT=B( zl|>!ZLrn5Rr(8JPAbaY-%7baRR`tiq2jm)R^e#T3v_XXGyLz>s@eX{%oluRcMA$Y| z#n$hy>*{`+0!L4wlxujnMHZ9)P^ME1q^l?>C~O74c+s)5E8{^XdhK340n=NCo$=$; zfH$PBUcd4-6vyoo@Z8WUeL1`q+gG>!;_rmzxTDfJ$VNzna2&FF9qZ$HDoaeLF}GCW zKVdKmtc(Qp;+Y5Gt)$6+f0B-!w>EpJggifm1^rS9cXf98cXh{Yj{|uv$@L3{DH?JP zvgt#M$AwL-oVnV+J-$OpeTZCTMWhsIv2t|{nQ-Ml2c0SL>-xM2nQtcE=8e5QDM_ub ztD6KIero6-y0$$yBO{dWU}vPMdZ9Q^X+<#lS;b!@!)GwwXenAWRpbZHR(rHRNO;>` z+0QSXQ4?jLvupGqeaPr=79krdM^WZ_yon|hyNf29p%<%i;Nd?KsoIyfGQ*#z{Dk5_ z7~)UotyFpy{n&l**W~%cf7ZxeI04E(#Tq`IS7XjA+q}& zZ1qSY3G{uczHA1s6ASydU-W>>$b-rg~f6I_O@&K_6pw^ptarEN-xb& zDrDVXjw%jotb2y0!SYV8;MwhG@n`fwc0q^KufJ3vp(uaUJDe(Hr>{R<_xhZ-(s!4x8dB4`R*BMJ>$VPWB)8JaqRgg%tQuLV>oKgO&xC_laBOo^)bYK6)TxE(5`o(184 zX#+YO;PXKopE^meN3G1v5a9zVrJP={5RtPGollzKslUV5l#mnr&t-#ffezMZ2u99} zKm9pDc$Hh{3?-jpTwxagS20y!$N^V1>(?sI;0aDN2LINf>2&?uHbHePfDp|xbom_^ zHZ2za!+{mra>5zjx$;hiq_fKe+cH!fg>Eb1KgGB@79G~l+C-70UcQZ$olY-q+`XDp z%(zI6Ib8XLFp@?mXIJ-dP>d1vWBz-$kpsCFrwXgbSIfs&gIJwEd)G4uvD$yC1iv^n z%QP6o3c!(7K?0&$V3E$+85tR{|4D*DsTKe&({QVV-LIFgkoq!bRE+cL%Y69%)Q9U> zcGSCB0>odBC6Y44_rV??ZutB*iDj}Dt(!Xvcw~4GHZXgO4QN^6K1M{KfzApXz;kP5 zZQTxrg)Ep1eI_E}J3aS}eYT&AM6k`I+=`4f&{dF?{>!ov z2IX2mH;JGX4f-k`Q^2MPU|0aELJ^?B;qD451|y{|1B2?|8sF;bNWfJ5AXYr=)pfA} zW*9lZMF$AUtQ%Rmx$yyQE97Fva%6fs3n$qyYD0slBWAf)kA#5}RC` z>lNFt!a{Vo;)g%}_OMm|S$yQ;qYvtn;OEvKZL@7XQ z;o|o4W885JxOIhWm1Qu@3kL)o2tcEPsA)q(0}xwAE}XDQGZ{TS4Db`QQ5Yh0&g~g~ z7?(hO;%I0}u~7fHJMBkY|A55UR*SY@Vd-DlYSj?qDj2`P9LK%}xA z(9;1DPo@Al1`0uLHwi!^2P4*ooBJ9L=+Hs;$_1%ywfig?=B}&GoO0m=T3|K;Ljo@N z1GYhtM&W)-W;xh;`ldjM!M+cOSMNGT^_c}t*i?6)Lwqy}CrUU)%5_;RX2oX3Lid-- z`@Qt|NB9pe9lu>#6fL#}nB?8(+@~?!%JtL&&5^yOR%-FfYXvX|j77o!5j4EK{`oFl z*b@(Qf5A8e0R!{Kx)m@k{IhG3xb}dK2=G$WEV+F6U{~4yAJ>*`VMJH18NE|GigPzdEXc6xVI5^N2V^4XXmmgNhwB`)_^S5JQpm=D>_jE{>Z(zWr{98^Af?x)gPBBrV z81L-C+$lUYpd-bJ?8ZSs+}hcJj~ob4VWOCD5qz(_)CfdD@75W`V4MATZs~ytEE}c} zs;f&5s4tHJIo#U$l%br3g+-QqdaDyvG|Fqum4fUT(WTz-UIsv@;oT6eA0yqpPD)rpHT@;JWHk? zFpyxv-7_4*!RhPAc{;bd=O9wygPq%u0OgU%;2g*Ms6CD_ggPJP>+q7DT~1%067W?8 zfZ0j7HbCoJ4hFZt+XF0tG(0?CyjJ2-gIkP&ejh?US=15ca;MF{q@v8z+@Wt@%fLpZ zT}Btsdi;RXWfETrQz>7C6Cw8Snw2@H-(pggV-Rd0kV2us`c}Z*!50@B=Y(tXTPU3p z)~z8VvM3ZDB@&n&c=ML4NPR*0?Aa;@*qa#0g2ZNclxtn;Dlj8OAwFRgqzp$bu_8Gx z{4L>?BuWaCl?_cLB0LS^r|>xsXWGxb>o8jvCVlW<%NX{2H2Wzo7wRx6XcpxESW)7Q zW*;UQR-?f^{t~zZ+8`X0r-c(cdpLR#?ZZzZyZ81u^yG(Z=7LCFqqt*VQiT_OLj;C2 z>Rse-jK~?ZEI83=JH8+$X|-TE6dHU)-c(DXSm@J8-i8U>z9SUGPvFNwSDfmWo$6qA zncsv^O_Bj#ei>J?m+8eW<`Jfk>jw$~*)iDmk9$z*raJ{k4%lM>*K~Zz9{A@+u;c#4 zZQ=gVD~Ks5-|w4;i8R>;oh%o`<6%)Y_gB$a({m116=Y|KTPK^gLP#Ck5B5}qdNKaWB3Z2~Hh3$YJE z%h$H|D60BOusbnp%GnO?Uv;X(37?03C3`AOTbPO(K42KwSAvxJu^Aei|G4Tn)w1)} z+ewU~WhWXNW=9UHUjW0EmL@>vR5rS2~Wv*4&F!S&G|9Ob{ zWC};9%jfm_2Lpl9gFmgSf^fJ7%V+FhUjW-cosm;vWBV`cb-rF#5}6_S=g9u|@;_A! z4qM*X!S;NSW<%Wcjgx))uH|8M|pUYm&uv7 zE?btJp4doq3p^`SV9LSydTd&Qh>oAxg{L;Eob~A6EEHnTWU=T!Vm^IH#$J0%#n_T3K1Ot^s-1 zvm5th1zBB$c?~yi(C{=n%fpcpHN0I_^LKP^mIpwU8qQ)?8!eW^Cs4R8k0_-)N+*~z zGFW;jlPLPDs>ixx;CwE$p<8|#l?~hudEW!CT5Ttv_{T{iUY+v+E6#kU!tJ+Kt~R=R znJpRM2xZ0H^35y(*EK8VeG#kRr&iz2Qdpgk>&n${lC43dP@&ZiRscJ$TUGY|Vy8Mc z)wNhoKq4JEe*L1;kK&TAIc=r(?i=a}r_PNC9bKnJcrCa&K+JSEK8v-hAdFRuxSkSj*m}ET(eSJBpWW=EvuxzXpgO_8_K!-DqN}pRr7IZGjM=v!9?OBQyC>#GE`w~ zs4+dZs;WxW(Xt}vMHO2v2t@z_2b8%;Adm_NfVxfTwJ-t8(%g3iQ%YZQKxII1u)%sByFbAwiV$q;32%OJ;R)GQhvhd;je zphH+!l3t(b28k_QA<3%;hn>GchJ%?wwkcDKit!X0kQ~^CS``xX9;v(w^!zeyMD#o_ zMGngEOsF>Z7KMfmc$PN4Z;i$d(KQ&n_U5mTbP+}6!U!V<_*Eam?d^bp;w8*UBLWLI zvvYNK7ZgHF8XX(@%#oKj#b_+6?61|4Uh^tdRaOt-pCLw6!(_NZbiXWVFz}}ee?X^M zcGV;-QnTy$^)zKT%?%Fj(dfzi{Kp#`d7us33z2FrNPdok(!SyZGlIC@uhT&Uoo$-# z2_ImzB@v_m@7e>xSGsTDL_r^o9~*lj!M&P+(GOkyU=qh~wU$jKe~nNC zw_Cn{i4%-cjlG4K3Sx3w)AIbyXJZuQlJulhf`h0urU7^mV4DnRnN;h*kVUzU(64r} zPAe~(N-H$hQw-!CZpHsT_T(>aJ#zPlHz}fXIo@RZjKirqaBwuh<*NXRV-!-&{C6SR z6j;RnbuR!Zb*~+_uO0t;=#e7-aaP=55P+0HJrEa|K`X^#CRKfz&;Cnj!f;_?dXLWS{FaL)TC~Ge(=gkP7 z8Iw&NN-ztu-vJFmjNz~8JEj0)hMd!zNTJ6;p~0&c0w9j|^z4H> z3Y!f5hr9y0kP%KLJ*0n|j6@An7IJ&qX42?(*-CB%oYUVGcJYOguwBee8obIC;@-S} zPAS_|L&vAvE&c=S1JSQZ zNo#;D6JQ&d1S!xgc>)Le5`kE0uxw6y2qw9TmKI91Y#@;P$}TIz0q_m>F+dp*|Me>p zTv&885**;LoPEdulT3g^3Jy*wQ#c%euBz(l6+m3n1FrB*g~_XX%=}f`(bQDCMM_9B z`+V?RdrEnKjUk}5MZv%bQhV7ASfl`;6s#b&#`9K7kv5b{HsNqpN$^KLFA{%?uFU}y z@rHL5_2BRS(g$Hg&VK7UK9OQeYqKrjGg&lICg3p;|Gp%7G$UnrjGiQ8TH{Zql;|5p z{C)AGhG~F~`KLVW*nlt){rCV-DFu{wV62yb+h-0B0#F&iUx4A1{0PwBtOC#o<9>Ho zYQcm9!=zBa)&(Q!2MAC+XJi`B6U=1*@_QKI1p_lN;1URMerGwQn% zUb~>b8!xm3=fJJ*{ZfX*#)o(u%m+x1>TkO)w><%*0M7st1{x3)7w(MQM3I<n9E+c+Z*k2*IP36f3tMdWg@oz7fIj;NF z|1`E6>N*r;EaKPQ`LZd)7~NT<)I91tJqQ??MVfC9WtAQ4GMBtT3Sh>436Sdji`oE9 ze|faEgF_Ga3;X7?fB6x|HtUK&BWF*e(5`^!6+TovP>ai(TlMKxyWCsnT8Pm0+SSdiiJZ0*i34! zRgS+TJyEockO-p!|yPi15-p>+?YS*Ec1{+?t>^22|!FZAdU(T2ZB;9mW9j9C{7Z= zo2YV~;=q`Z?J5wAa*znxtpOyWRXj-p1wpB(>DkSN1QdfnXn$$=)}wlZ;Ij`g0$gH< zaAEQDSUjoWR?EGXZCcF|KzHQ(H+F8t;Y@iK>~oC-&Z4y(rO+I-jsvUDueqI*@*v1 z{C#OMO;$MAhQSr_XFt{{JDEJ?U>-$p7+9BMpf|Mwl1r}@6)CIWOD&O}V}+VBw{9Lo zVBs~hr$}^|07Xo(UOIG5eYBTWWp=7ch9{wvt?B)xw;gtJ1`YTP-Z24Tl?|@x{|t2NF0jCxO(dU&ApqQ?C$*_ zR82ACaGl1x2_h}tv4G(_FE%3FjjEdbjDL9a|0#wAHuX$sabRHJ!hB;+jQVh&V>lV= z?J&)~F+$w566@(>)23p&7oKrZ>Y?|wp;5(y=h<^JLb$fMPU=FsnpLxI#;}Vwu2&Bk zx8HFeBqaO2Bqx1aiQ~S!gr2`GhS==pywC{TUpn@trWx_){3P5F8fBY5^{u`g(NRp) zp@5x6j|f5R5@*gdw9-FPGOMG7{4v1m5mcW)X(vz{u?bX*~;+fP)1J|etW?9jF9x{@5NT+;7(XE zWUc@Gl|e@uj&m25cgbg4GPR`L^6lzjgIY%Ri>{}wrET}Rg3>)0_dZV}{G%IpN{`m+ zA4PVOVNoseiF3{hE#5s*jEyccVOreO8ELN9frMf`mGRit4={g{{b0$rj&pV_(cJeb9W1=UnfQT&WV%fi6|L?3Htj$D+@${)MuOZ)a5%`V$1jb6KIg z=bP~a9Ct`8RJFoBbZk=;p;i%Syx15yG0_0Rf@F`E;3*=!4oBo07NWVykT8zGm%l)U zhAsn#>&He6@|RbHCJxJ^qL;-n^AYK{F>jYMhBRobTPPy(9|}h;26i*w>FNzXRvl6a zm_IFNFd=W@zW2UbpQM(hOsZH6Q}V>znPraK;%h)O_y|EG3M!Hb<|m)PKKq}ar#kd~ zlPvK*F+~pbxy1+w9grxugW_oPi-n^3v+9rVZZ7K`Wv*na$kJ3)JiNw-T&`VVsWuM( z>t*IQ&)H9;+pjH>74Mb3-)-+Y)zG3B($*Ng?Vs#k@cW?mr2C_}I8N%V~J~ z$qub$2Vke%Xe^y;QI-=5txYDWqay6*(ql{QA zp3H-0ASq@SaZMx2M(IhIS8IC9>)8;{q71|I`AJA9h&DPDLCM87M6 z)~5hKP#q@ac7<~I7Q!vl*reVRSV=eKoC+)#PXDbK0Nle%XgVb~Fgp?csbMUcn8yj; z@v8|so4RF=#;uX`&`9>7v_lPA-fVhe%=U zLAZ$Gy#msF!(K#zLqyMhGaF0KZ4H5l%Ez?fqwYj4MU5grfSsKd?<+kSjv+o_(p5Kt z31%OZ|0jEu!lkew0J)`e5$<30(BW|aW3Op#MCZ8+Rrqx0+o=LKD$iVP>%T`v;Yzhwt8*fF4d-rqw z*v%Y6xwLX5#@}M37pM6j;e4(p`wxRC<1h3nuS22g;Y>T=wA_y zL=e=7jEi?3bYtSmv!`m`BT;p3kua8kf{%l0=bU z#T1=e$$1l6acRYpvpUrMsmxN=Bg=&qF>1yOr2UjX9`$3_+kPGqT&+l7L){%4%LhNA zL)EpaddPj+kHlhx%_!*EFQiwHc;S}G-8f75^xA;YyN_8SIPEkpeO)+_JW^7R zwOE$djc=K^FP0$q=#rBw1LK#@#SavNYInXEbY>a{s?TY27I4#;+Rsu#QvjvAg?jHVZ zO-Z+)Jkbs6^thaB_Em32J@7-Gw|Oc3J!=gg()UDJ^57u+{->DCjD5jt(AbfyiY;sb zGALD&jGe9x<@$S3XR=WKQ;-IL0snZ^mBPZ}GOdQP?P?X0XpMBST(T3+JSv|E^5~=^ zn-1MLbRXD%rv29x0s6&|7Op`XD$KU6d}g0fx?huwi2a2~z@5xqV&A$SQ_te^Y64f+ zS<@H6un;YT!h2g9zfPDa6Y{}TgjvguuU~&J{135hyvrk9QOsT|fCwAYd`Er7Vr?eX zj=u|l-E_~QWil&2a>J%lFG83hsYTbxVt2l9dCp@axB|+p3?nbA`a!MIs67AhS;Bwo ztpLDNU`_oW$&7gCQmLizPkOu?KiwF;G>R^zt~1>AhR7k+G|}axw+?qt4HU0_7L(b6 z0CLr5!{iY$OJ3L0Ft)JX=11{q_u7(x3I0!rQ*HB-y0%&Rg1T(2Y!g{O^_}xMr=WM)vYmm2f)o_gj(de8yJ2}>EXqw#cmeL3>ws{* z06<|H+6M2`pVB?u5$Aq&J`JRo^0$ZNHIF@MASLw?;QO-%U&{_%eoar3q=HJQ@Iko| zk5+tIamS~xizq1DzPuAsJ?-QCoDPHn7O6qtOzA2bVim$;!)eGhg{_%~4%=AmTt2wl zGY)R@7$55xLat9Ja9_fGlTXCVN}b@?3U!ce5!k@=d3W=)iY(LtQdq$Ez2DVbA$Lgh z;BSgpH&UnfaM{baG!fU}7tZ>I1~%;zdc2g3L2;;&xx}CQ`fc`uCgda6IKn@V|Es)2 z*`7}z&$EmhIiy;a&INV^X8n}~JP7&8Xt*G}Yo~MV?Kgu9z ztYnDgN>8idu70M^!9K|bpBZ-h6}NLrQKC=Lz-8?&PPTz48m=t=)NojG%0i-fMf6LE zJUtSNyGqr4+IHF}UfekqTrarGw{CUX{I4QE$AuSfNIX3m;xWDU@EI95>Kc(c=OEpF zDMphc0jeC`Cgu76M-s})m}2!M$ZPgggKcQR9(Sqxi%{ebf(ucf^A2_N@NPrt2T~TV zy~bk(cZMb;Lsga5IUlbb=49H85MRCrQw39xDsoMo5fxMM+1UVmn`~TKNH2e#o9S8e z5!#NDsX^TRm?d@XOA}^bFZNu#NB$D=Fe_?R&3ad@oPP#>7=)iD2PVq%b)yj*J=qDB zX{L*9ONVu z1a=TJCd+->P)SQcEgpuO%5A6E=2}5@)&AC3xc>etQSpF9|E=sZ<)|V9Bb`ltD32=j1tF59G!UTRDK;Am)+uL#lu5m!AgwF4ERh zUzS&XixhNxtsLMWv+{yUfA&^G1u@O%cYopF_!7xAL^orHQ9R6=4I_WwdNInq?(OQb z82f|wAy@|yJc$!{^EX(n}Yckr}To`?P4zXb)M;Fr@A$?ka|RRnsY@ z9r2HsGNtN2RW0qr6tBO89$^#lyQ)U!%F>D6F4_R`SXSk3O}vFWjgQbr6awm zL27&qw)~>R>Idd3GW3%nVI3T^AJD}N6IRjtx0s)D!;Z!$;ffaaVtLsSztvPA`1{u4 z1rw)^%*^mI-15y%hYDG+ERkF88TwXJZN~m8gB0@x(Ym)f4=5xW4WK{N#pOs!lz2(* zFG2htd)J{RBikGa`GVn|cq#L+ex~@|j2mGt1qJooE}3D{$Viwv9$;^Y1awwl&ilN+ zwQ>x;xrI`rkkHuLAM}j)Hm1&BZlhRi zwXjFH=VHi&^D@G+?7q=WD)P2=F1}_GN;D;2+P+rK{9T|9n2FTH7~E!m@B-)roVN2X zhIC0jYIpEnt^aAIwa-9&zZT@)?J$&_IUT!ji}Eg$__NQL*S?`i0fA05DIYp;d@aVa zZ0l2*U0;8{Z|>n4FHj9GOy2&=1zyIFTfX;+5%o|09JNoiw%-v_F*OuP9P|DSiycCT zk~<&d0}#>6X-WmH$ryf(n<&cM^Et0s)w7lI@UaAbioGz~cUrDX^_FkA+>(nFx_)Z@ zZ5q0BPriHq2cT4%ZiM!gd5KH**X=#;*>6_eoyiCNvQs&3`4$0MzgDeC)E0SU$KN>f zA;Pm5<{T6*fY6t86c_%%-BthW_-9~1X6NpUu~^J4xkTxbuHP_XeO^*dM@3(6ueg_& zAdGqpj*yTL0@z}K((BbGS&3=Zt2X`qo>kt9Vm}xhemLLbzWP&eS~eN9BCSF9stGTs z?Zt)u!u{6n5^d`R;zQGFzg35O9q9SU+AHhz9XN$ zoY#RDg>Q+;^w4!3JA3uA*2)V4-qp=5pnF4{$#vf*|Bq$_ju;)9Nx7-6 za2%LugpU5s?+2S(4Y%hRNEia@l8I&v(1(^^aY>_Si+<(vkbm1a>n%z{fJS-Zndu=w z4ODY;76;AbvR<;i6cJgt;1&^~1XOX9#C?qwx`N|hcAx6kt6 zMK`mTo=Bdosvr8p-}*dGnOD_Igw}F}Rljg*(;~{`%YQE2=HLr2)2u8X8QMDML5`S* z(o7cHe9x!q)H3WFiz_rxpXZT;Kj}Yj_0|ic$AkSY^_M&1@0OlM8+tDW{Yv2Xn%3X> z)lz0X{3OE@ARc;rdlUy-MwmPFbO}>-2aSFHg+u34|NO22+fK2NFw^-5`A8wY>cA4= z1?u?Z=tDc~Pp|uBCvSOGCdT9;AoU#hG9lTLYefF9LIo(_RV3kXF~Gv5uOJ5RS3C_8 zH(MeMymWjZ^QpnnHF=EPubDw#M~QTW_7x#FW_f^!_e%E-@&V7~5_+7qCu7F&u#YiFwII&Q?%QQ_nB zBr=~f=t~`n0Ap4~i**ZTVC$Z~8;VyiWqXXFrv2Wina|oP^*w^R)_DjzNG;K{JGO__+}e|w za)0=ZWwP|!B`{{~So<|ZG9-x6jHz`l2ILZ$uJn;|ht95btE8o~Zba)D zc0KrSg=yl2ED9hFHF)LWcnVqDoCW*B$3KXLf9RR{zl*J^7ER_1&6UAFv3GC?EOl3= zh|P8R{IAXFO#44=PG^0Rvi)`yt2vLqI)W((i!yR-f98*AIRU)C!B*31I0wR36WjS# z+DUJv)=PH7!_W{igp$lkNA2Uoo=5oojT!@WErqd~)Oc@&;3_xKqbk$iYbqvqA}Vf% zvAM{%xx<9x89kti+>6**dM9*ziOj=G=KcH-?qlbwiQBry`n-o8;UXv|zCJMwvd%mP z#*TA=a`)9!qd&VeI1QD@-PvAu_u{M$3lN@WcaQ+QsyoBBn$l5$vP#QenS^!=zx&gX zB^Sg(ME#`+0h~l&Q)L$WEYudKF3B`czagaD7PfEH8Lth-fq0CHIN@14Xmq6YE5R_q z9xQtt+ZBwze^_TEpVkwY0ut@Q9OebSv0`dB-XuaoN5A{Cu=!<~Oia7I z{LLuyLDvL_kUAEY$5G*4DMM4RzfdjJ>8C_GJu;CZ-z|{V`Bv;^#wZ_5JRTN>OUEF= z^&RS;_PSrEIvJMH7czM^;) zw&&O*7MFhewA{BxS@uke-B6UMWS#Es8}=_m)<+W)8tYlsl6Kz-e!U?-M!NLfyFE#= z+MG0TI0EVD9TaxxBSvY4R>V(ZavV}l1a!^o<-JXL;Yap%oVWZ}JMzqIz&zcVFTR$q zF8$<2ziJVCS65V*2kq;O9?PKp!>Tne1N2u16uw9YYaMy@rk%_Zb*@dQhlVy1VUj_;Bp%YzjZ*Zv@1LyB z{-^CBslc3s0Z(xd?dmuJx;D0n)@kOtRZ z=@n02GXp)4TA;aH>G+fMl$}~s*w=IGnmld2m1H;Xu{sJmF(A z4@oW_$*|!tBOf>Q!1s?w%~lho-%5s8Rks|WI^C6T?n9xKbAjI` zv{c;RhBoq5gZhW@Z#7(45|MQ6NlRRd6V8+rA*7!RMBF;XU(`%gbZybiG85KTXQYid zTt9Z3j1=T!*r@Z3fd&!K4%!>G;Ls8?MXP){Qfte}OTk8# zX^wmK*H?6n@7$a2hCeb7#i)VgPDgIU@Ti%rbv%Zqji_u9`A z-idGO#jhkj%eWA;%_JCG?Sg@E>W6YX0LVE#j)$SQ^*Jwt6kVv*f98mQy90H-5N+k& zZ`Pb^e!sAO%IJXj6-nlc5bgKwuqbD0%`DTPsOPV|@BICg7(jc>XMk(FkSnEWJp_Be zbi~Y3NO)Yh-Kwt(?V49DCosTRod$n&o@CE|T91c)P;J`&;ZQ>J zOS5)A_s$#7vH!YwA(j-Y zo{#v~pXT<`dsM;kwcUbWLYklUx&1%Ej!$>?5FA{h=o-2*HI#+6lYlBKIIjkIbzYV5 z;laN#0rG@SkEE0Ix5Kv6-WW2A-d~ZePeQbuCEbldVh*|VqQ7RB{QO8eZ`I$qBIMt5Dz^%NS0U_N zKqBEoeD01bq##^&fl@bHm=;PZWH>yz%AB;y$_oM9*cDDkyGzC(PKjai^eEgWW7BXe zt)gIvluWL=6?+movt9dk@_Knz1`8zkV2S2rB1^;W67GeE0?fR}UtOblzPJfihF|qS z+vCtaO3#2KCNS$=e9tBObysJ0n+w^d)_%`e6!|~z{T0py?1Hc_1k^9EK+~Lgty`VD zMD*CBm9$wAN##c0GO@IwZ0|a(!x1#w{Spi}Hi<1S-eYJ6Wr~es2>$M;S2T1oApdPM zviJtVxc`1#;{l)AFC!q~Zwka(R!~Evm7unDbagbGL2Z7w?GvGa(J*p+rqc22$DI2T@EXcX_v1=o9`Lt$Mm4vJ5u=$jo6%;v&`F^ zGJ=%Gqf8Lg`;g{)thYism@h%y)n05a%BBhDK9F;o{24<#Lajs9d0JcJgezuwTI9l;@--4a_tLPyohY;-KyfcgHNUe(`~$6948>7`Yl~GG9lvJ4 zMPCE{bK|S`UYF-bi_5UC`sW-^x5IDO@f@GLPJr_U`)t1`afZY0_OYMlen0c>-mwzL zob+RA!D<+$-~;o>ys_j>1iHzknD0=w zrGTd?HJ_Il7EBSro*w3ogR)ejV;Gf4EfFm+vo{wM_W}4RE0zz+J~8s1xbh_bLQPph zu{}uYpJ-9`CZDbAbF}mMUV*OO%kC+$#{~nFII~@+ZOe$G&a*d@F2uXpe2Otj9$$WY zd>z4xlNPk{`LQIru-8&ms8VM)dY5m!veAzHJ1^2U;%mu=JC&RkCXZEjgq;JoV ze4`_X8;P+?N8r@trE`w>DMA=9ejnRU4)4e zG>8EC9d{?bgh0`tm1ZXEYPCu)zpxK7_N7AP#%#KVFS|9YBCZJlq~oq>w7d|B)JLN`fWc$fs<07+jJvAayK&VO--@a}L2%IR8}X3+#BsH- zJWCt{X96I0mIQ{3K5QrvT9Ud#D&YFT(n-|bN>Xqc)SJ?GdYtA~uda2r;>FIr{4q~g z54m1{YEl1b9~i0ehaQIHgLX!FyS>~pHPqto4G-sY!?-wdZST(Q7FP%$0v=*2cXRqo zP891At;Tmm>F2kWyE?$*+Ln9}>ky_N~F<(%_xE0pMN zPwn!uJ=}NF*68~2bOLbR6dUMw|9W#)c?7`=X!0(i^6tseiq$h)kFXnO076s3 zv@wo#YPe^MbbN16i-TA`l?&Q{Q;du?U#iN-l;@WUIN0tipWCPzjv0r3+~%zYG~i>q z?X9gX2N(RfH#RoxZ`X6M5%z$2eq-?G(2ud3sby&2l%?#Tx|oM%*~3tCrm5v!TsYqa z4!9D!5B?*Xtez~NUe~CgX;$*LzIm6&xKAXwPBm0pqAGAuIow)+{^a!dPVt7PPR&B- zZ~#T?r&#E`s9WZEjRI2&7;M80v1^L!1zX48PKa*2*I@wo&jn($n^ zWL@5FvF5>hzoe8yimZ zN3F(D?t-Baiz=!gt>r{5neZPmzEJs!-?I3FOKuRiQ;+l8u))2=zJQbzO=uHh4N59q z=>?#wk&(C?PC{mt8ap>5W_7kOEKgTg*B7iruW0bU0gf*#ABMzYdySqnFi~`ixrS!* z`caEXRMB{D!#bhFcYKP$jqTP$_H}wTHtUh;q#b~7;aut|!2z)t8g4>k7*uxx9a4l& zluv3&r`xVOuGR8r^SNn|z}|hqy>s{sQW~rkSDTlxHzTfKRoe9p7ym`2500z8=-8Gs z96Z>D(Foe*?cP)o@qkN&&y!XiSo2u+7E$?jAF+qlukrXgukNJbk)y`RRKd=fP0suM z6c?@ss#@V-;gBn@xHVgq!OgX6Im8v2QV+4vQ(PH$1*iR0}Y zgJ16_r=$QT^EZ|7f(|U&WdcBJ$f)YPx!>2O(;PoVs7`pX^v$bQwz`6O{^e(+L_Nfd z--SY<<1EfQ0=z{EKQ(wL5)Ju@8Buvp_WG9!*rE!XUNhbKcBLc?PQ)dR!i9&%E`-eR zq&eP8V9wouply2xKd{~Sh=3Uy(rtSZxf3-uGGz%*tXmze(eWWbs+K&OyLclTTim); zW6DX-I<{z^{91M711a!6w2YQeaM=2pW5dV7vaYt!!#8@%N-Iw^M19{#_B>r>)AEfv zgecw`qQCY0I9ZzFw1kdT^5N#eL>E>QjhL$Fdep}w?5DqGLYo>jG3RN-B=@XxKbTZJ zPiiJES=?+3$l<`FeL!n65Z5{!ga?W8Eq=&yQu)-TKHR`q43KqiX&3-@7<~4+rHK(q z1?;d;c2B91w@U4H8H-P@12Naj?`y2jcp>^uJT#uFkFILoEj}*sVbyuajRI)$KfvWR z8ynjM&?7EyOZo!t{DBU@-MsgqX~Gad;zt9J>><&24C3O{|GBwhE?vB{y1Lrk+lzW9 zRTzQ`Zboh)^Fa6J78~E%D)Iiq2f%XI0}9hhkuC;+PTyASeZrC|VBhMZ>E}82h9q$kCb9#bi~9H zX8Gc3-#C>|Dx1$ibSBf{#{0lwRK0AF*uI>>u!Ptjd(e-`4@22R!GY~QN@Ljgw^2*` z^C^9;qJd7lqxk^cIqd#Zt%yoE%)tG3x2h!{SwU|8&I_=|bB?FXE#`aiY@N<7^iDqX zY`;7-uVu(rVN~WeVgz^we6Tj&rL`<&fver$GKEKK%=+oP3*k_umI_$IRkvZ)d}|we z{Aa5XWr>-7DhmFTM)DIc`Slxcx(f-dJUCvYWtV$Ui&qVMFmavtCt=ZB0W&oI;`}EU z9x&|Jz4%YA^B1mca5dn1cm(4&j~`#pyjobN8Zyn=?V6|Ovve9(>~8NE*44KZe4w`hGA6VEfeq{GxR`fO9|59@jE)Y~ z?FX9HS603i72(Q6QoICa19zD!Iyy?DavAs}B*8$m{kYZ(7`4iWiHRu#@KeXHLH>cS z!Vq?b0vSC(f)TJ=cu_nJbe!;NwQ#?knYu>-BK@6jFbFrZ3M#DQPsnzA8355eye3|1 z_%VBKGl;q)KjU}Nk{{TR2B2!-yf|QR8^G)nm%wSSM#_Nejqc|~YDJv6p7SNz!{$?| z=~Bw+KLsC_sRKUN47p-=v0o9R);;9vvgA#dKgVsozNhrrc|-V(+NAH4Jla-1wpju1 zi?t4^g-5ivN8jMMGjm?!)A#Z|gZzp*u$cq9N>*&`AhjhQus)4^62J0WDl`h?GLlkz`}*twjmJMQP$GYH323N3 zWoCW}I3pk-#I1I!W&o9aY8Oisa8dh}Zi4!=Igf+mV@V|?T)+(o0@Nt^g$N0s;xvix zFSNC1KN*VMoEzTip2R}vf6rScBqjy{(U)m2AY;>9q+Rz-H9rQBEq?r<`^m=;_W(E* zMOuxL2%xf^uYSg}Ur9kbhbc_MM=BEG?n_i9GdsmJa6BR!Fwm*rr%8uisx6$?U5lUY z35)#X-d#S2aPw>iJoys+;^9O0QW|+Ix@SZseb1^sjDPOa_#>t5G^(clm?i&5&Gv&I z!NI6>E-x7T>AuDMrhW4L)dN~%#-yHpgp81!tZ8h|zN2<+Y`@5QDnih7us=>%d9l-@ zPLI1fLa;9LCE-Z9}D?sxaKPU&a;FrEwD zf4xRtwtVlV87i#(OK08AUaK*l&UXA=nV0p`PkE z_(w&F_*N3A)gQA6x6Qggg+FRz!wk@xUVD0ae#9I8SZ)IEqV~DXm{L@`My3|TJY@8x z*>YKF)XrHbt)0oLebH`Vaq(r$Y~yo76X zedzn*&7U0pg+17cljP|$2R*(NOIEad6u20SahP=js^7yggW6u&tB)oM3cBPBPd?iw zZY32NGN;NzRC9TqJr@xX=`D(H+sqVkIN&7dg|alH&nX28*k;=%+IdR6`&jO+8}<`g zrz<{MY`!%RTxeBU2X^e6?JNZo&sHM5Pr!7;r>BpkU}KDDr+hKcD|a@S-7u-Ppp_hnZ~| zeJ4`FQ_=gJ38sLp6QT9e+-W^lhS#|cVX^cf&LYSFT@Ah zHj92_Wb_4UB4CpAkjTgG}jre!gKcIL^)_baZs=e`?=h z2tl?Mwm5G;F8QT7?p=zwk66>yAr_D6pwZ3M1>nae6%-VdVZK_2L6u*;xYL)wMh_&Z ztLME_&gOlnKY=jgwd{;M0~6CxFH5lnhkE?_adHO9EBg4=%PrKzh*U##0Eg*Z<3TyO*(juF9GmKuCZ`n;TcEJ_9mc0a(Pb zX=wvM4huN4>DEY|CqMuh8)qv+l|W{rESPU-F)_jIV=hJ}!II-N=eABjNr}^ZtIY+J zdVzB36Gp}a(S+#e=37;02G-EVlJgMTLdY3k#>{w*_(mxi5K^8TswE@L#smRfRk2fIW%YA(zSn6DfaN z3(`CRe|UENhoey0`OI^(LE9acr~#B2LGC7cLBS*-ABRs$>Nd3;pG^Q{lg-R7Lf0Sb zV%!0uV@5z1?SmMG5<3$Z1$1-+uP{aO%7?^9s;nj@K+S<)0MKFf4jkACgs~xEVfoI^ zn&zUdZEbztgM)*NpmY?pd+(Xmgq+-gfHu%;POUo6yh!!5O`JO-B_+L;=>o#?1cZdI z6cw?7w%9v75q@GaGL2P7KzId@65fC>lQR*}f*s3e2g=7l?fIMQ{Z$})jEReDGL$LT zpUfM!vttF)0%?;LJqNx_0;1fnK>iKw9=6_MYrrU@8H*U7)kMiK>5u1ep=YO*keN3w z%Eg-1xKEX)q@|^|ydjRdKG)8Z(HEgmv@Nf{Ep@mgNd+oQqc3YR;#t%l^4H(UVIN`5 z#e2j4y7q4}`MSYzU7vx47C#o8+Sn?6-~q|=B{)N(^Ddj|wi+Op8C@Mt`DA#DUhZM7 zt;f(*?)CJp3o8*;ZEY8nck}JL6HJgW#{=EAum!THr=bGS~XxkJg zShe=Ab?|jbNiAi^g^>TcbcLS$|93Aco$mSN)8qg374U=jEoyPVkqWA^q-47_iN^2s zUoCoOZ{VN@WS2J_XB(2h6qlO($Lz`V#2Y}Qwi8GLVK(R|vgSMBJY!*VGo-q@x{rJ! zt4BDW0ZKU8WiLRH8&69|Hzednf=v=3UEk0EKTr{8gJhxWV3~rQKS(A9@(&3;x}8$c zU&$^1%6eWPDk5@ldfI8lw>%<_3G8r*V0ivtEPw_tfYOCaXY?WEo({-h))Ni3wPozw zdq1oJ%r!QR2-mHUUA*SYCzkpSM#aLn0u;xGN7NutR|x4t;sX zcRV_H+jR3nUsqd^a>&FpzquuI@`QJnAAi#slL`LF)|&-?f9R}QIcm2%=hkd)X-b6Y~6O?6#; z1ns|0y6t21+onpeW$DkpUAp~N_V>-|nUsgFY^gS4|7mdZsi~jSS za+uim7R}5XdHDx1G1}V=X&#&k%RPdB_z2EY7_aIbcgK$YlG*;WIazqT7ArRDUDL5l&O<4zyb1>(}K zNTB?cHlCKBmAAXS$XTOZ@P=mK!w=dql;yQ2yVyl_G}%g}N%>w5OpZ2gVd2{x-x3<0 zU!6auU=R~)f9x9rsfI92jyex5KTI?7s^82E@YajTN9kKlL`r2! zS2c)puKNkHUbql4Q~gPOOsP^C-toE3Dtn3YYvYB&nooVSt(whRiK&{q3+A^iN{bc) zF2kY&Y13&0n&aHpwpb(KKWGN#)y4$HK3BY!;|2OM`W?&DvKRV%`<^vlBQ{Z-_K72l z*#f9dnmT6~dM18g;FIqx9Q;!LdX_@He*EAmJ93kMr%ZZCyh@uF{zXCS_!-o*Jh0Mo z?7id8yW5vxF4fBgI+UCa(NI&4CzZ>SBlbt`=|P58=T?0CZ0Dgy9@R_kyo+v6!*WXS zGyVksol^Hn;O}QyRB?jZd}nQPN=l-^k%+1l^D~dVA2*CZ>JjYO+KsqTfLnj4rqpyP zHJA&!+Fyo!tR0nZkM`=XUnOoW5)TvN=kfLmN?9{;bkll@$pH27MbSN!rkutGg!S?Z z5``N$33+SLO1K6&W97t~p)okspz*cDPqw$0ACurNuc1lCcWa$L2#lvacHc5gFB3(b zWYJy7_Rw9htJWlWYu%RfbLcF5*3rhqr1K=a0AiS(_rZ(f+3+WqxZrMP%Bzq`GQB6-Jn@X7`?p>2SGUsjDtD=Qq5-Y-_Insm-ef_~KGo)vLE3>r62M z-aMXS-6TJ^I<50O{a~KbDtj4tx1N9d-B?0Z6Kmc1USYAI$gv{bF#o~i4&FKU4X2ps zC4o**#S7n2AUoLFmSOKzxiyu}nKBR|M)YE;(aULjtnd%Q9(!0{8E)_{GmWEDqb;$HptjP8i zszA>@?~itTQ5+ur1QAopZdPnBFD{si=XGs-qC)7eEoNQ1Qm1Q8TXdf3QL_AbX2naUdR@*fOFxt{-l$rT+$?^d6=dQLG;={jKeG%m76`W!z+-U!z9 zX0v4LcBEK76Dv!Kx;eqx-S_yyVg)^1JhYOXZyEeVFk`pu$}XI5(7HmBcdmq}=xnsL5C!!xDzIJ$}OgnSYt!vg~@r?S~ek=J* z#7Bg`{cee)%$>G;3d9Jv%XMpL)V$%M(kF`3V%@Hr86jI8*ikfQ%sAI-NU8c-sJ+Ng1F4gF*;2uSCsPl zS7j~E$*A{>AdAjtk4c3Vl9;Yu_^g+ox``EJnFwpH4 zw@qrfEW7?%_g2t3gM$WN92XpQZth&I%B(e1M^oOZMO-*vdpm47UV)~y{=}W(-+X3; zWm0}6V6-!(^kT-f@vD*ZVK6zWW4)$NM~Wht zS$u?F&`x>^AF)NI^MnM+7#%>9=I!dm>_arUYlZHZKbS1Iv|uy5DgDxiNECPfwu1P{ zzh_|XZOZK<+VYjOc*yM!)Rkvd%b*S6XgQ;k?#dHzWI(^+ff%LmStI-hhx`9i%U6>|NpVuRO2{G)+a<3w$L5?R0HHrHL(Ihi1OFp6<${u{Bo8dWb<-aH3ulPOVQS)s# zn#6V>9VEHt`dnArJUWj6O>!9H1+i_T2g*AgB$^LQv>?hm`tCT@QfW{EfvXMBBcgg@ zx9I0d>B>&awaz2zaF_6GzTLmz@X~(FKoyeI6}RY^biOc-j)(c=u(ikOYLS-@kurH? z`5dnvf3Uu6`|w`NzPChT6f*EkZhcoAjj-kfIX1*Il#*GA+X=hiAD1EuGM`p0L%yVx zo4jw>1wFoWeI6Na+;#5Xl0vmGdmZx?Z=&Y3BawuB(zDor;A}j70T<)k;$#X}hPLvYb8}eT>d@1>t7$^iY_M^&L)roLPMjlw0uA@dE0L%nqx0}q$=+IjC~*L{#YoYYDV z%c%QX@PpC-9y`uvE|L4KFk3viCbwb4_d#@*eW@Lul zX`4eGy`5f@cG4;lyl0pZG<0pmc=YH}k|oZUW?~e_XmK1`Eyp1kweD-RRz6$v?T9LR zezri5x%x0);|9nfslb}mSmOmI+B}8&;n#>lsCXYaON7&rlCfHQn&MWOKjgvw@~$T8 zxxpb)zZRiwv-xrU=y%vlKa^<{MMiN?uar}f3XP`g=Fh)F`Ww6iUfvgI3O_MF1l3j ziB$Rr1rjwyTTP4Q&oH_%Ccyf{_In9U;-?jn*`4`r4j!2mdWKW<`8w-a)Xfi(oDFDQ z_8SBI6GV>(LMlIMU5p{HwLExW#Sa!Gk>nSLiv-P7MD>Cxq8@rfeig`dg}o7AatOJgV^ClFIN z${%wJfqQp0S)uOyw!7O(U%dD+=%{mtY}_k5T@r(3+4^7lOQA2WD8DqYgA;TrJkFzSsx9%xCbwfIB9pdqdZl)^=jC< z&LWc`t4^M9NR1;mfx=woK_jHL1L>Il)nailsd@-&qTHBp&Wnnc^=Sf?X!=@pyVd2& zr9t0>ghsR8GhQBd+#fYb`t2M0VYW*|-rJ(VKKGnWWH<q5D#;vm*C8)S#L zRwJ}~nsl{5h241VU9_iD_VSFp1{tYtuOkl~q$Llsf#-meQ_4;Wp zPmYa;*R;c3&*h{YF{2V0r#|8I&2{dlpC#Q~v8Fc)_`({+@1JuY4-zMdUEKRTzW)>% z1#gM(*K|aI4T7Q|RE!%9SzmunGBHtBTOIAMmx*j~vxk%Sk>+8Y8}l~{UK#I^i(F`3 zc-Nm=ci{^Lb4AU$zb$SgDY`az2{x_xuUN)YyA-Yrdwx#qjuc>qdEQIg29{) zXEgD8L+erb-umaEfjZruwCeD0%E-Zq@qL;LS+Z%Im{guqE*nz&uU^yGlIf0j<80W( zEjk>>vRv0$y)98pUnBiDVX&o}H>Fw^iJByH``AL$W97pt1I~GC^@S+GwFykRu6~%r z1$22=&r9_u5&qZLudzKx@H*7WNx%NgNC+Zi5;K&7X0b0`9#B@i2B^SN1_l}}$4YQUx^RsDqS>>A>= zdSJ!uDY|RFgiu}^;mr1=n*4gh; zYCRgK@ogs^Mj zN@++FjRiEU;KHjc97?38moN_*dR;WKXqPUkV8n&)`BX0B4Ja@0T z?z|*3;;rY5dLz25rmjs%9Z{xwPfF^y^|9-q zMdHBE#QoK#Ce=s=uQue@LmR4U#rjkiDVJ8EFE9*!$OOxmaO2}jFZGL^fvb~~_)LWB z;_MeDDGdgOgBc0s%k;!SJot3U2R9oWr1vq)PH9H1o;oM~pmVWjCz{v8B)&ZyT&=Tb zP|@Eh^Eo=OaNYd9+VIiP(Q(C1D5Ir`;?njHb?GPyB|DsyN9t_x-e+()S~y9*$LOkN zPw{zO6aVNy@4I1pwlNVAVQHRkNIe^m6NaKtR8%xf0rQ)9M{14MaFzm3hw%*0H^cJ@ zVsox{Bi4EyAD-Kva;UQlH0|Jt9~Q14F5bHxiJVV@47I|azbAgFPl6&i!%Ve8oac01 zcf#03Dpuyh+0Omzs1To%k(re$(d%JRkVz%Coz+<?0HI55i4K7rZ?= zoYX%X#gwM1O__cm&P)%ii{VQjw!E2!%+?068&?HQW@mlz61{tfVfAfu2Q6B5HUmd5 zPxb_Z=f`he*l+cAX3tJ1+G*~2_Us5Tk3M?!ytMp7yBP@`SZ?o8bTYzWxDN{NK_HFHO8E8D zdgtxk)5RN;zvuCmJbuj7{s61w5|U}!`qinLr`42R;f#X)o02Ioli+sa~5G zsp?mX3gggI7goBw%6OZy{C*%DHUBQO41I%HETy;ln*&c<(2_}@Oyv>2>O5oK+aw{1 z>P#b^Y8lqCdif@d^GDU85~xa|%X)eNM&hb0W6gG#$NR9=D6ej>SMt!O%@*+QzdRjd z8bqWhNgll)OL!_)6!2MuhcW}fqjvyxTg}Q3Mi0-{F!3&!P%YKy&PaB7_j;F|AVwNA zyD8@}kp_HwBF_6-+Hrmx^0qSRPa@oBvjwt`RG(pd%6eP7l#<1^jW0C`S>zGnRN6P} zqj}mGE<3ML%SzWye^?sfdr4y(Z~PXwhvV~fare%{tSwErFAV9c8!kwQt1v#lD%qLq zv!~&J$tx!I`W#m_**!!eoT!kE*-WRwk^cOXNik#cugqrKYpWHPuX3pMc8JAXJsuG_ zAEjuaeG=b2j}LI%aS}rBoD;q<+VaR0aOe)J|5TuyZn~v|!E{JRN_szlmy%{r=;joT zHgj`^+! z^n0X^Ex-cJVkI&Rm)->C5N!T6OiK$)rcoa)}#*gQov9wRl zKWbsXBZ8r>5R9NDK^*bvR5~ zo7%y|8B400LV_372vV=^I+{?nc#{mGw+czdUbZNTiCZo)4^H=(7S0@m*(|N*oxzWL zWw~+N7M>MHg?71yYQh>*s&xcg?$~a)jXx@aw8iMt<-n-KJPgRl(dwd`jKve@c&U)Q zM;D9blSYpy{ls2$sR&V?her{mwH%G7qr5nuz?}JYjdWc}5F}x4&X{(ks^f`_{BD_a zHT2~4?D^2MXxSQb~QZNK@p-l|YH5vk-Sp#LaKQ zxpPC_Hy`CvY$COU$$f@Q^H^(L@DN|h4!g%~KK2OrD=vZStit(KZ#)-?;4WY6^(nHuc$nHJZL^-G{Zdlbo7{oPHH?%&lFP0=! zTrfZ&`!XWvsU?q9aB~wvN;36$QnHKlhbnA&Al~b#jS2SpRMWuf;xx74hZhe>`9)w2 zFEJ+HPv5Xq$bE%4*@)tsV;4hNyye{I` zDq%K6C$xR)6Q?YzEa&u;T098Hq+K*~zl8B+HeTbTqX`$-x55un^P)iT0pP}eC;koDcy?4EFSI!bgb2I|5^9@R)Q&JQF zhUA?Xn{x8&x<6r`KHa&xzJ`OVf=#ETb={~{PpRY>&__#RtdID4lzdp|5w1i!Iyxi~ zmB*1qQrgpmVq#*(EYtkbS6k@P5oDtq*EPa8-yi37rZXtpuWNBoH7G>L64-Ny$cJDh3{v zlkXA7jgM$(I&BuU#=$um_#?^ zR1zc6?^NxyQ4Fx5?&H%*c=gI>TF*toba zHqSOW`StT>P9T3b-MAbw5TxwR89r@O^TqoUn=o3K?NeWqJLF8h`4c$3`94bRfsFK5kuo&A+qQvGtQKw4iPRC`kVV7_I<_pU497v_H^c` zjdZzVD?ulbXTKj&Q>97N*grGCBr34*P=^9yVvjxPg6ikloG^gtf$uxufHO2vB^oT& zpfKpqmO?M%*wRFw_W9X-<))l?>8KOm`dJaOF5vGSqpW5QmFr%w>I-l08#&#(6Y}Xw zI#&!$s^ybK&f5ZlyUx#Yo;6vtpq`G@7>fxvP4y`t^R9S(Al?B&?d1!9s?}3f2iEF{ zOY}yWQHAZJ6J4(ChsIw&9NoYWBxPvD4KK;YOBt&lbI-_;$0CA6MGo zG&H_N$N)1r8m{9xUnNn8z}82VT~PDYOZ4z4bh<7B109@%#TzSjGK+VOzKC3J` zqK;kFyYK&cwQlFBU|1jxw`2|bz%#d$vvaT0N4`=kV>w`FR>N*cjW)})UT_=tV0)=! zrx-pNYwgt*vZ1oyhGyq9%&l{|kXigXOU;ENjELzG@@svt6efxr37o%rK`D3R)N(B7T_!38GQqA8G}aLrN*lgr)jeE1D?dCcbdFg z!y9Oicey_4AR6`Z%CXi6cWdBPSoc5wTpdn07<WW`h07& z`|8#VCg?97inEC{!$%&8>{Hz}I-E=`t}&7&;6AW|qqsiACr}8&&6m4A zLDLbWQ0l4|xufE`y~N{%)Mzp8*NCU*7S0LxHpD&EEO$-%l*x~-I{%Q z7RN-PO#|KD)0_RHcBzP;CP}M2y;1hByI$@5G9u|hR>n5It1CA(m-*3f7Huz(bnM9V z$4$y@GKE7(ox-x|Ndofy<>iJ_FGd|^n35r}wnF4@-#N-N_zCsJ)$ZZ_p+?XAt7ILj zzP(xDiJGe5ffNY-c4bgzx8_FKj^G2Ta~`*OQ#+t(Z^<1M?dgPXNC_={dSGF5AK}L# zU)<-vz2V$T7W&tZYdB7tEsx3sOF80anOKdeST^N`3xz48b{VO~U3O;!PbRpmaJ%#K zu8JD0$|>k)b+mG4KhoFO{jQaC+1C-PC_=Hn#z&IN@a-9#t$nz93HL6pxpWXB-lOL( z6P`uzJ$F-MbupsxXu1q7^rjc=LpNG4;V>qyy_-ZKjE&!_H?P$=Papve_G2CN_x6tO zs}QzCCq5NZ?B!$G?Aj5?^|387klt}o=z;Ntat;+ip3K&rWkrd%r+Tm@YE$@bZs@pV zQ*`};eeN*3YameV+avtxlz0{vm$7)1q-$5Q7j{D4er0GfL zQE_CZ-Y(hLV`o#RNe1!Ov3+k^$O?4RO^;)8>^Z9{UcsaBbpWS%G8NrkDq-tleBlTm zO?23v6w6FV9cQs2@kcJwGdS0OiP5)Xb;Ix|FWjltfS2%<42_O>%?>_*Gi0kgdUmq< zKN$#3Mz7A4h`G2UXx>F$>SHogs6pf_C-S4GaShB2HDYuG_GRY?8m{7HOq9&_^EEW%+hI(Fai*K(x?*O*R&ohS4@t)GCm8Gjz) zP%zc!%g}hGwdv}3#D8XXfOkk)m3twHp7yy+uIDhjt_dS+lb-tld~;8^_w>2D)3zTZ zNcM-j3j@WceptF*5QLAtud=pXnCRL0KoRNvMP|P-YQ4C!^x53t z_e$}D(OBwk%smuodQwgPx3e2lLSgl>Hs&ej{AEw1oLK`Dp;YH?>b+s9i?FH!d>g!3 z*uB9_HD2Ry7=OI#&F6VT(;q9pXuxJ-w_`5$yrc}9M-mIyX(_QvKX_YR##U`mYjYfK z69gHz!4Af>Tqy0ezOZ5Mdx)pcPsXC#)zV;h!adUa=)z5zN}B#S_cWP|E8Et1`Fo3#z%Ro6 zMPhwfMfw#_9+{}s-?aVY9s!ElmBr+LBfl8F?gb|yfQ4zLEYzxvtyyf_YDl}dyD#5l z`Zww|yGF}3CcqlcpQa;PP2e$AQnP7lFr9VL?V}?qQbEuW4SXAuVojD8n)j(lo~zcG z&DDu{{qyfzgyXX&EuZnMuBf5p$kxJjRo$JDF!f+r1>;H$=CWyU`3zts&!C7ZCi3z5 z5u0kmQuXeE0RRvTVuliZ5#`^N=0HV7Jvck-nw};HXp*2m{!z;11rGFJ>CE{E;ze-J z&q)>m?wJ3D$6pmAph;}r&ZrsEyf&ekRWBSDYV$uuI+>Fu{UUQ(xoXlGxNv5l_dB{b zZYW>_Rd6d+Mr*Z@zF98n@R>0eGi$PRJMUN%S3Es664DmQUIlW+?#@fS!<^4&j8Alk#X(4qYLn>3Xx6QG{MP1KnVI;cla+JRq{}&~m$O2y++t#luOBCX zD%M1Uoy(>jP(9`%!Tun2MoFJ;F>*tRi{Vn22GAA{u&_RsX65eGhFzu{93Hj~4->}a zo%__>!^7)0am=rQm!VPpiw9B0V<{9-SZ#@ktRnU;P@StWeVX-+Rgsa9 ziYkKK>LY;FPFmR@(83U<>dR>$*`yuJ+V12akn+~ZmApE|A?1K zNbzv$z5Xrw4(sFJ&CdV6C(Jmtt)4DbXI)uai;atG`=X51o1Ws5L5zZea*jYO@9stn zZ??CY0lZ(%n=Y%|Qp2t?t4Z!e3eBl>XjGTbv4zb6la;b1EGABME%pcPA-@?WHITaX_ps2!l^@tQ*) zv&hQI=2rE?`@@&^KPFA=x*Q%I0ojp^l9Eq^Ol1H}H=0nY!KPkF1jHpn`;3ee;=y~M z4@R^YdC-E|T0#gX<9jD|Ps#e;hvy%YWEs0$H%9R9r|B3bjp;Nke@uErM3n3O6S_4n zu?1O~D`q}FiJl&V%@*rwZ~et=4m~t`JY_QUR_%KlfPVru3_Ux0QP1gQtS9G%wwRBb z7?xvG$26?&6bFF*de`)t*0;}R#}XItI3Ui?hvdy3YY>e8epW#@Lx|^34Wn^#-m*!icd(?zgg``Ee|2C{MsX)P8Q||SYLXM4o zruA!Q=cjZ_YgTfbUoQjS*1+!%ilpSX{p(ZyZ1nV+2)dNCibCf0)X6k2&3Atb6$FK* zuRFCqdMw*A_39r!5$uftj&F(YZS3h1@rq0_t=A}+Ig-=Zm?<5Rr(ZE3omEQz!Md4? zfr(&R7S!N9l7tQ+9hXhzN;lNMqsh&Ag4JOuYx-{vA&4=_y8ZhjnGKSsVcC}RPa}6k z{TZ0%M`=TXQyh#wmgc0Z{O4dmknKw|VRcLuLqP7$?EOs&d6gg+GHDjNfzE_4kz6y> zhBCVKflk>^heN$Qvh&*>{%s%se~LHyaS1{D2FhnMqNN+icDfP1BZ7VV?b~NS9#g~~ ztM;QH#cNRsqb9RE1Aa_&13#T^>fWZmYGu~)_#Hs-55Fq>4pn(Z!eU5AqV<*eI2XxN zrG+dTIeTjrx}_>BInq_pgFCPm{YOQ@JFUTgr_}Z|W?v?o@2)p>U(4p{5mJ`-3xl7h zfRkVp7;ReVwfCd05D8*whQHO=`&*4XIgb$bBqVOA#{wm&&JAXvBn#c^d@~>RNNfer zno@;3*S0IOtXPnw8l)qA*n#g^|sg!OA>OcC>wp)+cF zre(=^be;E2Hn&6R&3n3~A`7L3fOj>g(O7i%l_-l2 zA?3)rd*7|gQP~Ida>C9uPs?Ka2!F-Yx+rhB>fcUI2D)ZLTcaar9J#NAKetI#Lhb6|@?o&WqHbB#*IgFt`7>C{O2K6kQ=|E(bwi0Yh0CnBb; zpBcA3!#tYM%;R#}HbSr7_U}X}Q|`8;sXX_26v>lq>8*q>!^F|SHN1#~@OO*{-&{$o zL5=>}bjbg9J!a!I=Xf*9s`o}-^guE*PoU7nYMO`ZB;Ok)>~@5enp6Ed`!WXti*or1 zzg9;?4{n{N5lI3@We(Rf0(%)?Op(tGTvB(_%TmXq2mi-PV9=P4T98YSPlyFa4}Q-y zCjleut@Y7-JU4V0(@JXMMphi>&EMfGs|gHWp%E}9acZkfU#2^NDe|e?`_I3x#Cj>1 zfZ13@B)rOQx5Xq<_HWlt0isyus66oF7qT>z8A54gT1N9`Lsi-7*}0PK+KnCRH~;uTRE8gut*0Pg>wKymxNEU1B-^ z5jKw$E;<5x(_4dX3;UlI;F5@lJe_gMO#0^>F;x=4r14uqNbS5LuZ-I%mMrt>3Hspj z-IG0E3_U7}Z2kXqwb^YCz8`;VrXY11L3gBbZ?Y?r-w-%x~OJD(hY0npjVgVhyt#TY67Z{$3@U915Kf>AlW z-yf6k9EhT6Q7UC*GBONTDnByeaBQdw19K0R>)VX0sH$2af0M*CW6R$zEaI2nL+JCg zy}kS7TqmoIo(uS{6Kwg_>gEE2Ry+hz0pQTo2!#*-WE-n3G!GlEDI5jtq}ox)P;POR zON7)5%z8f4md|&?$@z<>)^}Vy;`ecbGKSO~6HtDB$uCmuT{HT18X;tyv~^1OM>rO& zc$$jWx4F;NS#g9goSB!mE_oSU)J8bYMsaMko4k75cI11_RkZrnJr$J3Lhg+hH`9*ER1E{o=64Id}ph!rEG@=3u z(l98gba$tcij=g7inMftAR(>5&@DA|H{TwA&-17L%p;Tg&BSKMk^S}-aW%egx5x5Gf}@Np{xi@VFMu$&h#$~!AJdEiyH`e&K)8Q~2b z=~Ds%0;u$b%H1zYiOVkv9-iuS>{`6uEk1cC|9s|&ef{KY+-~ux6&Lbd_qs(?8t>ln za=DEeLH&8fTbuLkX8~wUwUv7V+?ewaO~)II&Q3d5`c2XzlTPu8$1>b82UThn5d*A44QL@N-!Iolc&9X+*d zs~m<|L#2N;5)6j$&gscXnW5aYpxfPL2rgCO*2?^6bfykykhE{lV!+D~HaH&ThmH+MJ)A0=|ub zKuBvOea`#r+xb=RUuL5Ut`DvsysJ%czchQ`&d3nIYg>JE{UpK9C;D|jw!rtuVfzdQOQ7HYb5@Ev_a!M6(I4(R!Eq5K}AHk8)v)anP zhe2?T;#7r*4Z^KV8RMJr+{Q31F=*WSrkEHVxS>B^*u50PjtdgqtS;q_ldIOJSBe>} zNBszXrX60v|9;Kubhz|hxxr|G!2w^UHGS8IpPO@O=4Wn8Q2iq(CkHd)-zDkRYbD7T z&DV39F!VA6l)wIgBoPD~pEv4%kuX8n;RaO9NkaLRqmz)y(f)c*u68jV0fD^}`mfXJOnh-9#vpkZ%`jF~7 zwQZyJV><2eD_5@At_<;jIz{|)pFTV|=>ML@PlevkR-I#;%4VLc+ZDao@n@ro{rAB0 zdx^+8@s`3cnWZb!kN3ULa?fwYFlS0Hm#o%VWm_VPgUssO{dSRg%+q1Wii60G5BDaL zlj;8R*B5#-WK6`>^?$+{MQvyZ3%bdn#X}wBcrVJa#Y7vd{ySbGY>7Tzk(!_p1Z!-}}RDS6)_Q z4BmC84ug+Ja)PeMZQkR0BRK0Y0`LMZ?(Bl5*jUHpWLl;|)b9)#-1wjUgW8m9&1QNk z2+#c0NRz%hq+|?7G-Om7Tc{~YccM<`y-9U{xKaEvma6Q zn&%*w&cF(O&DfaUj~_oac6Wao-i?lr*L1G0@COuL?}5wjF8Lp3#aolC#{WqEa$IR) z=JBIPY`ou>k5@lWmcL7ik18*}8TpY#EL@&0k_9SvZAHR5sEK|OzH@b@w!3omIe#KM z$M@Ok=grzrzgC1(kdQ=im_QBAr2s6%m*P+1nRuB+ktQp9?<$rxTAG?*uG+WBrR+3{ z1NM(6_s_nvkfW5Q49j)z#zs~ z4I9Hx-+E-eUn)nt6$G7*n+uPfmiHhQkNF*}8c>p6eHpk5Yge!71AXl_L zYh0IV;QO*w2h6Wo)Z`79mT=|wcxULjF# z8_rfkjehhmn@?X}LFgaL_RWq>MnQ+0v`b$Xs{xXltRdCE0R=w^zXIC9a zdAVK2Z>?JplEZZ>2y6cNlLwT?=f_E(FLGgQ@UkKRiDz#pTzQBmB);2R8CEE66GG1b3GBwz8n^Q}>u10Nv&bL5Ja&e*##Z zdoL~R-+!zOOiy5WITdrGPN59uw0vT!_YJ7tqZkeq-tfdZUA#gsKQj3KMp%vjC`O@_ z?rRH`+pxKp9N(o)o^X0934i%%AcI|?kOThKTDO^+G^Jhq;8@P}vM6L;?S=;TNp|kO zes%^b((v^61^Z(A4{U>P?CtHr06e2~v@`LqzD41x`aL=bP;qtJ_VwVL0$F$6%E%BVDDmW z$&Q8UySw;}+sVqY4Eqf97cb!quB+)$Xc-ATA1GgH*8iP)`T4zqrvsU3j2>n1ORct5 z>SK~(o1$|Qph$z4OuP{R;MVQRGxwaaU6rG={(sDGP&c+@?Qcl)ODXqSNYiw7T4sacqx z@Z(5PJPu_S;0bko$dXCa^f;m8&?xz>C{gF#rVY1xgSvjVRJYX0&TTP=!|wg#W06A< z-ZU$B#cyGKoCU9EP2P;{#t*WmeWjn1cK7KT>&HTlV~dg2(REvV3o_#6H~nEP9@z z_WQdWU!0%I?(#EP1qGF%bbqXxL_wXsl$gx$y%nM;^P@=ha#k+s@Yuw+v-$CbLKl8B zG3#`PGc@OT>~4gvh<*uQpNKj_MLzP#4H&i*Na&h>g5w%c-Pg^pVm5U#i@Uj@k6Wxv zoMnp(%Clg+d1h`dhCXtbe`pKCdUxE#KYaM$DgK`3iGe{Rl!1R$|968>_?KQ>OkrYT z0!?ayG;(%#qfKRXb!lNHER^_7qcb`~JL0*GpeUG~ojrj;@E2^?NO{VppQYW20C!q1)--epe--TXSrItc-k>+hwWNi5WaU}CVp^m zdO3IaZl&*^cYmJ?dA!<5FLF4m?i(xD4kDSby#J-h;g=D8x1|6pq$NDfcI^LKhi5xl zx9qp7B>0JeXzF$REvE43nM)n!uTP#rLznkT*Eu*iFb#Fk)2=Cf=7BnSEl`6V{r0UN zz)2)YJ31M;rJ1jX->^vsGg&S=?qNnMUoIW#dt#8S4rLd7H*eo22K^2=x{l#jxN5fg zP`!`j6@s71c*>I7oqRxq;vo111U}Z)O|-JIe4rtk>dUpOTcUdxry}WFZeF?n(ERx5 z2t&}?Ow>G>yvfByWLmtiK$-d0okKE+pY`%P(M$z>h8;ul3on?DzUi7d8>$%>58KV% z7ah!v@_R9{C{;L}JZ_$+aU4A=>ALL|nngag8{r{ei#%ChB^PWuLG}Oh14}PJ{A>``LbGY z_V)Mpri=eP=kCv0~ch0wO z(lGV9fqt~{APE&R|d zM5RrVA+E1GxlU7(mhZT`{cVt-=r8k0(cZ{VcAm9v>Uu}#!oy9eP<2IHXDz<4&F|~U zYoj$SMp!V9%ztfd?Ma7OinO#e(-i`I-Hy5+5 zq1_hrdBUMew(nzod1V)xym<3=erAfNUqG?I~|A0 zJGBnpM=|nypusIGNvlnISPKKmr=WKaH1d$w*QeJgFre>EdgheRsV=5X5=hY0S$E{!VG9wi3G2oZtc+E;vUruU>J0 zUa{R-d?I$T(FCtF#i&TU-q~>k!Oeo;FmE1inVc*tNJ^WT-IO>#aeyy|4ndd3N|T|3 z4=f7o@0H1VMwpk}yX1(GB*^r>z?Ln;?Dy}ydUc*Ou*t7QT)Gi6Tl_Me-snH^2~9d) z-j1PS;3xQ@P4(AiZka-*zNz+2tctxKD4uYD)f-HtKOmtmWV(oM$?#5L2 zahwMmp-t}m)ut}T*Ohv05Hydm=6Q} zJ?a=z6>eQ2K%Kb2B>1-Wc0c7WO@CA*BZ7m2eQ%4aXR8AgsIZ;JPIX_twK7^x5)>5l zH9H%>qM;;4KGV;jpf&EcE^OgoScXrZKmRbidtt?BZDl18#*`ZwWpWbsSqk8;%w|^2?!_wnH2i2@U6}Ic@>Z&UH73)}NT!={B-_`JbGqrv@rN8QIqI0Ir&skRf zp{?f8+(R?mu*ldKQqqMv;m*8&i9OK@;-7FSnO)DbE-V!F&}^2&KPE=)gF zTuW``)nSob;QHd!9UlkhA~5g*O3co0@8?|>7Hs(Wm{wix?p2)Ig<#^KlMF~eQ-~2Y zQfdKHs9rmv2bsY~w67FPuXeQ_{(iBbW{Uujb%r`eAKd1~hAr%=OU8rm*N8B4AUpQ^hfP1?8adOCk2tes~l$9AQetYvH^ zp_6IVM185TfqoXfy{e(IA0Ol~GB8N6Vp%^7!!PUhF6i{bMf@HhvFsT8?n%Q#RcC0T#}CfGAvN}a*rPqgT2P)6?*JIf#b^0 zS(5TOYKmr(xgJF~n(Rt8*BenE`0ylh0Pi3{c0k zi~~Il;m2#&t^pV#>rHWk1_T)zId)rf4?u7krKML9*t`vys_c4+FQHqUpHh~zoZLm& zY$2T#REj2Bp!f3AQvk*|S$2T}g|xir{ARzotat-yPfxMS^df!;MG#3O)^l-#JpOu<K#c=0;gnG_Fmw}%aWCbaIQ{?)b7(}f>M^hy z8W}5H>HaFKI3P&j&D#VPnb~8cvdD4wQeD@#Teut6V-qE{{mXJm}Z5b@_5dqM>0bTp6X!`q^w zqIR1zasWMjPqx;RsZ{R7LmB`!=v!i9Vo)>r!3=)p`)lI>gMUDe9WqA7sIoGFT%A$^ zo4UgrGcz*)32?scJO%mk@Q{s`Sv6t0v;A30?=y$4TTh-m!HQM7sw(v=NZJp6kJxU% z8qm{_%qRiS)poI$8G$#%rS^fAx`DO6zi3t;l?H*4*QwpsZ5=((^0P(~+R+fVz}kzw z3v#hNmjm2z9OQ`a+~eGtPNtLiL9CO(M^OfT zOUTPn?)8anKWNQgh4hDEiEYw9`AQ@bFpnH?wPKW=b0Y}CzJC2W9tnv{SDL`VLmMXN zyD4FCnDiW)vOa$X76=<;2O5o}jfr8ZjW;4H3U|s}=VPC_-u9b|EDNQ2(9;n7iTCf{ z-@g-|Sy#tkT1-PLV2M|OaE4Uo%XC7%(EF)kUeeOs{65%MXsV*BMxmAV0JCOJBErHn zaQ>sjw(v@HZo@WCA9&>@CjBw{IU?#rxrft7uE!@ec-%VVuJoG@FM7q$MBE3)cLT|O z+nwVfc1{*v?$m6d@b_aXxZFk}xFkfq=pQrgOwSz)l&_&2KapKkIlH-cvTvrKFA?8i ze%nm6cQY!)R{UIlD7=56A@#3mAvFn(wU+z#>wYtd2yadJMZLN19UB zacAZoc3hWj2~F3df4%42^WF!i;kckKpqGhHLe#|hxK3?JeiVhm4g1NveB$!?2P>&O zuFToaX(oeD;-gD%73WIPP1eO8c{sNbV~a~o6aG)lQ+=)!4sTZHp8t(KCGG2^&I?$| zdKeGQFT1&euwH-<*o)pBs&V7%G%d~<+k&o*SX5K^{gF*EnAxe|bF}@n2W3`LR>lHb z-mt*PtWcu>WdsTV(t!QYAp`e4J71Mv1E7;Hj1}|lo$b=^>xjr)wU5L8SYlh8pZ#?d z`DRJ0PBj+zTts_=tyKc}S*?FesetGFha)4;dzD4H>7uGh>+`N7YR`iSCp|GiyOtpz zu}$nx-WX*w$J%AEz0m^U9h4)B}-a|^d#-= zMYn9XkG9#{fulE#zTyjjP`O=7M$qsnK;61{WBOAtjxMby;P4ZCQybp+b+aOHZk z*jQ+_I-%`e$+1)s#ublxCDB~U8FOB^&{;=;cR|K_-J|&8JkrOvZ2`qxvwbfyc$-t^tS6@$sua0vD+y+ILTgg~YY`xIAXmRaZ_>s5Jcq~79|yq4oP8y_40s9X z53PAWCoAi^p?_IZKcWTP&8c!KY{YykF6%5UL5+*yN$%H}QpQ=8dQbdOCs73A;d(8Or04R@Azf9G z7vsIXy~43UW{2o|u$5V!#$WV%MD#?DdajBK{{O?-$vvy&PkS8>V(Eh`9&13~e#^q2 zYpv?LyE+?Z)%04iS1-xs8bvk_4Qc7sx?csjkuX?>MvD6v_@E`&*OQ{qnz$PSe>eFw zLz2>J5S(k8RnO!t1dZadSA542FV zQY%)g+j^%W(I-?9pn7--x^fd^8WY!fiEeFe9b^)A5x|Nd3(NLrjwBiV_2Mr+ImzSR zgZ@qnNjhU|_c@jD6kuWCz-WyskespI*1fP@s$7DsSspCwN;!3{ZwcJNZOTY+$w9Bw zT6`qE!WB5ZS`^^wL8!E8+wMGewkxV%?sdLtg%?58v`*k7YCK-4AwT*=HSBH|iu7c4 zRIfbf%v{)?@zDq8TUI?+s(LOjuxIW*<_r5!ujl_F6)$HEIaPI=pZ^Nj>b5ku2D=lh za*?uM#=J1wvOteZv0)hzH~Q(J#KB(7z+07C|VF!TF&a*PK7 zei@d~_d6+SOtu^swiGbybN6aLi>np6v`@{8w$+8CZe~Twz@UdS;}fQflLhxxHCRLx zZZ*P&?pm!HZJS9!aT`g!quw{}W-PMo3Z_o}if#ysOC{^@KGza9CSxAjYMzYHD$_5= zDLAddW~_G@a~jp-$Xq?zrzrFs#Hzew(fqw_VesR69;IWw>no+vHPAQyOl1D`Mdmt2 zJI`oVZ!#ME3@XOaDt|d0Y61!jCT^+S$r48$2unzA(x_LGz+fXT!X~pXVU!3@~DC-dMG+Xxhb7r98-h_oc`HvGQHaq>2B>Xt7*n%^_#SeNz z^~T1|_k;BWKv;9K)d3Ju+SK$jiNc~bm;^8vncY5LQD}@I0rw2ZHi`7_8;DjCZt(9h z+zs>%1z3&o?;rpKED0+Q56@H;*`F1R71rxvOzPV=C7i3mmFIHk^jR?28#jDg#kI3` zPABdoCcbR%LaR+DesVG2`+1|F;LY$VG3V!`yv0|Acyr&EZH`m8K08Jpw0HfkoVKp^ zxaGZ*lNQOIl|rcPit{C6u_Dn+SSLhl`h-+gqMR~Cl%(k>=(w@dfW&wb>wYu`gLDv4 ztxsYl_j7UmQ*&2TV1Zc>E5{Ajey7iBN)~W272SLrTkY+8SG;O9^hDMT+P7-twu@%4 zu1}nAH;;Ez0k!9tR+_pl+nR|>c6cHZN-n>yM4R0qjoN0+C|K6GWd)PBJ5BeKtRFSg z(zrUshS(kab!n+Ni>a%mlRRsb89E+g?6sRGj9N6%+I&cO52)t(&cd7NZu`b!a&W2{nu!;app#$?7vvz2=@HTKH z7;o*4?}K9S*5=g83fv7jzRJxxSTO4deP_+8CguvJxI-lO$$_D?K;HD{_1h{fhiVJ* zl?#fRcbun(GVU0gDo9hZFgVnDs6WBOzuKhg#TmLUEp^NLpd)RjEY=A3ojv0y!C?*i zqRVLuYM1ogjdnBC9qx^ezmk%3xFIZ_2#Uy2wIOlY+0(TI}Rg*|KReRiWwV8_) zW_P_EPE}@RW)6*vY|%t|{oUI`bC9s|xtLFRf@heVB28(~GJo%DQaY^_&|HDi%*Nk! zvli&17y?(0%UO+emlO75xT5UzTlcVN5llitL$f9&&JL2fw{IwlQ#YUmoMwakpIV|; z8%}<*7PF_+oqoL3@$PA%*=fC-<)rMKZg+Sb>}WQ&@UtdHvO`HTCS2S1$-n;E0~7*( zDg&%BQwNutni?n``S%Hz?5Cb)_N9OPh>dZ6*2b&#%h9{;K)V17$QP<0f!WOJ3R1WI z>nib>Nw{g94juV65KMC+9c0P1=KXH{@8YhjRK1m3O+r3jLVeQm-fu>(Jwsm=dNS#^ zZRW92?Q=*x$7An#zMy-vW^&KWCsbQn7l4K$DUQ(B)81a z5aBY~yB*RV|9h|Yh(`AHG+q_A^-SzdsWLbGBZIU=gaLG4sMt6}Fq|Y61xP5vp(`A= ztZ-f(`BXlsH+f+;YmW>|tX0fa4K07%-bgXqeQRk&0)14!CUogTL4=NosNRrdUZ9ZN zWwl0Tl-2a~Gz0MzF@LEHzvP7(&yd{nU(`N5|N$z3|VYh}VP zDoJ)|02EnAVJJ4xT^FDYupbZpW$3M&rQUPz+}bz~n7z;Kuj}MUYz_&9wv|)YuoBRL{{wDzLtm!C6C^SU znrdSRROp|N(GOR9v8`hh@(pUQ!AJziVrlvrM#W72y3l3a0PucENy&vrrXK)hUtCI# zdYGp%n^!)8J(WPhqsqY9r3^MwMXSKENnMq&at#Y_At<~`xu6mkS)wQZdu#6Hx(e(9 zvL2BtZJmO#U#1Ur>Zr%*^(#j9{wC~O9hTrk5Z6{nw$^g*aq_YDO^gJuuX&S)#g;$z z3`wf1Ml-X|ywKa8b`$AnLxKlJwx_~LR%5q?H4<%=jdzxGCBb=6xgtNWm{B}7jb-lG z<&n{Q)-GATFqg>+f49v{K_!}pK*vF(;)cGG#aFSFR|Y&|>ctx^Xbfs(j#VO~TS@3B znC%O|J3r*OV3TmNNi|8c%8~VxIH$G4Tzt6UBf4t%nFwtX|KV&xmKPog$NEnjM(-BZ zSxocH9^g0twl_jXww?pCyqsJHSin}+ZHE7-4Uipl;hp*$k8HtZ^h5xqXVe;b(b!Z6 z5dDsOZH{q8O$}XFR~HbqQb0i=T2EXfA|mSOZglZrgo?S}le{Z|C*zA*#lEb^ckI2d ze57)pCv;jQiDMQr;}N+OJN3YyEwo3)Vznoc{^_>e zM3?2~)hhafj`RHH&GN{qU*a2%+lJWt-FsuL3I#L2E8BsdqN1fGtR9z`E~sZ5@Wey=UfiGm6jkN< zZF}k;+z{R&8{rNoV!7O1hvwqFZ-_fruQ$6V@qNm7N+N6N3X$P6(K=UBBLFc=x|)=@2M5a(89; z@-!O=B}|mTa=hxQd?p!?l`_uG0+0%i!yAp65dp9f_>}a#JYv8e;1HR=dWDI|0D7?l zmlR17GfxUcZp-dT9llq{2H)QEA5%-aB(XO&@l7gzVGl1xDv^B*HYf0Z z&=`ZktSt8SpuT^$wEQsV|5#99)9EB{VZbx=4vo<+JVjCivo{kBW0h()obg0IkVcNU-bI8 z#4986h9@7#bq8kp4%dTMe72t!@E5!8M|5aKvp0&vv>Wq6jDB``peX4<|1*YQ z4nd2tRW5DH;NmZ1HmSTiG#D%a=`qYjVZ9j7(&rTM35lHAD@$Q3R}jvhO$i}0rjTKI z+hEBcnjlIu$T?o0l#d6V*GM5+aqym*Zs`lHvMDbnhkDCbEpZL>w$12 zglB<->Kz`&haC<{hUt)6AnLq=*ESUi^fDl{?quPB&dx{du}Ye)tKcvCdUk@shGas_ z3JhBY>)la!@Bn{rWjFwk36dmg9uGFNJO);Mce^EhHkv|_?{TKiN$F;IRt<@mpIHt> z9~xHCoM@MbxyiDIrCJj%TZj~La9-ISTT!e8`}QJc-e|i!M6Z0jUV<`0LDY7wVC|x8 z8QOU&LcCylu9{JXjlAo~x@7)KRHJh#?v`0g_t^(7aI;U>k@EY5tPfv$a7xO7Kh%6{ zEmmA54ru&{++VLf`!}xUmuMHQjjqLm?x3LHGreWiguWCg7xerm&M&+2B4amd3DNN& zKkp>nu!_(z*{OQD=tsJ@>1JnnpSc`C~p?;qr46+153PBa^%OcLV?(F} zqKd8km$rj{91#k|3YL{^O1yX5EX&Q)8c<|GSD3i-UrWf zk@XYzxEbCGLRJLdXOHyOU9y+R_&e${n$B+E!qY($|J*W%h* zumg=aer0yRS}uYa=S0e}+bK z7kJ$Ey%~PFPTOBI>|n#(F{x^Ez)j)i2ni8#rX!5f*r&DDZ9Nxy0y^a@hCStc>-uHD~|DR1Kc z%JcfKCGJs_-p(roiLL3h+h^L<>hpEp8OqmoE=OWfmL#_Ce{)N9!D@yia=f)6aJq4JCR=0zrcoOM%3|-v&}2Xb|i?jj%6i-q&(8 z^85`7_IEeLl(W@8g4#$Du)@TnKo#Ib$j_pmyNyGvSMT~C*y=vVGqbMP9P}rz;z*7pl7XL< zRh0a>wW)Nis_L7I4 z*{{4|&ME=lm&`|jJZ?g?5^dZ5T{ZdGLeRZB&w6#guFIkqA`-|lZ>-{BqQ3K!3yqUX zQj1ZV6{j#iey_NiNne;zs$N8V6*1u`(z`aU9b8?1=p=T~M65Q^q9vdy=KucU=1}n( zQoPOzvuRU-nhOjGVZC(=AI|!{d-ouyK+mJ1$7F2vOhaSlM-ZXw=`Kn?tH}?9EuEn{ z^;UsF3Z{ib(h2)7FTVmF{C#|Uac-PgBvy?u7-~q5V1zsrNSEfTTF>8-C!(wN|B7GL zeR6x9PMNXBOJpD92J3)15WYa&JH+d#`V(kCB z@+QnB=_sU!5ElwG|Uw5+vv?`f}Py{}N;6z4d zI%QmsXpMmcnoYkHF(bG2@?P;>{dzy6kWQ`IJJ`>sQ*WivTif2UI?V~m_+Y$8kC5f~ z6si(enG!@*tLj%>ydISCoidKwpi%h{!*`884jM0*RSg(>u0T4 zo;!QELlP1B#T3Jv^XCmW^UR9QThCDz$NymQ!v_!ibn=|NaC35V1KW)O%mrFl*FaF3 zG0Of3XwtVSDG`up#C|0;M?QfVOd-M$!VVyMxhGG^5QY%jL144qe|Y8xLY;w3&Y>zN z&R@TN!5E-an$d#4$?eZXIBi)oyJ+dn6XNF?}L;y zsL&RPw_Rx7KONx^{%Dlty52CfwwhgqKoH?Rkd;!`msThSdR|c{E?koGv^($k@I!Vw z<+LO+D82Nx!Dz^e$3wEM0F#QkQ!66RovX%`4{OT`n2((ViW5Et*yu@}yx>{WS*-*y zC1;i7rKL6<7tr3&mq3>oYg0>DeE|G0?o&s&6!SRL-8)4WRbSm4_80ID^P=XL=XG=5 zzN7YKIC};i?|C;M>8DD`jCDbw((Ana&7lr<*?AMmMzv&(e^^MjtCb|^f;oDQSONe5 zd3kwS_1@x`v?54{&8VoLh5+^+C<6$_{6xuYB*Nev7_VDc2)coc^A|T3`0u?d_C~$iI$d- z@nJTfSs!YYFqW`i9VSvd1fu@72Sx3m_mE+TDpO#WbpR>$&~sd-ips04 z^{Y*TMU9uM5v+LD`JA>^X1%S@~lca$jiEVahZ0LO{2;pH}!;q(!6$vBZMB z`2K|$EnL=al?4$2p%$te_=y`Q&FK!^mm98;U260->0f9#6jJb5p*-%|dXeG4D42$` zAYn6Mw&=vS>vUmHx7FfcTO!fOD5)RaU+B=X=ISZ%*02*rwU9xxes6Jbz6GgZT-0b? zEW_@2zFFzvT{W24Y!Px3iTo_Gwo zUgTtbbI+bV%YYmq4EG8iC?qm-283Y;G#WN^aMy?HS364;pfZ6(1m6mrR0GMu&yi>- zjqq1w`!MKyYAEHr$@UG%irI%HK&AxMg*c`U2g`>4A~)vu|eBLiHVT!E&J!AI>+1SXhcjq{})=X z-W`C0@G9mpcOB9J2!8G)sr??iv9pV4lcXlP1Y>cq5Re%GQy-&FPCVfi#Qld434wT3 zRaXxL9~bVp$?z@{7!XK1jF-7dV*c_ajeQL+quI?o4bd0k2-Y)|;;24zSvR*zw2rd@ z8thEI6C74Z^Mq&cd!a5p1L7fYYM(v(o0AcPOH`kaThA!;vUG%O0m@;1Mmst$tY>QYIm? z;N3>$^&utr%MPQYHyr{pg#j^yL-wYoFXny7nFW0c3BkaC!ECaP_KJ4C;GUnnC+FR0 zp98l>VZDEXGQAAhOVUrDzC%w!g2jLEKu%9@EP6C0uLq)<rmN#iJXuW50j<15HMT zUfOj>G(dcCm|VO;2!{_+vg}hxU^f7-1DT81x)UY!|Dt4(Wi9FR7D92~(i*8^+DC3HWrSqlD=tRce7!_7L@pq;ciX2LorS(`k3IB~iY4&|@Wb_D^pN*@9sB-)r77!a@JvYucjz&taCGYlTdt|Gi|(i0J>xpE*gs z&$O{i3O}$-=491te6j^Y)~L1a?>5}n+eMgrvb@DZg|9*^5X4%?fSFSC7#719{=urK zbL<}CTDH0dE}~bZ;)lTwwDi!x^~LYueML5ZS(eR1GomdxZYRmx*d@c3bqoZUZwP?5 zwYXqf`_`^10>Sc@R7y&U^fedJ1iaa04+E!P6j4hv6W+$TisS07%tkK7eq}4*9vN95 z*TRY17}A@@d`@TkzD_Hb63_Bv3Pu6SvJS60Yi8$S z#Li;pl^?ChM*2pUXzCF0-yX%1WxpcLMb6C5j>nrwgy@Az(44M5Ib}o~3d;BUU`h{d z^9zMGMYbza9I^Lr#9%)7;%#W!bx+@a`}!k-nG}zS{54ao(sZ(s4o7U2lA)zQ5}L~4 z%pPO2GVM$!;TNDv=-}R9F~OV%!<6b!ZCAd?|M`OH0xNVF z!)9&UmB&dg<+-gOU8L3Nw(?d$;HHzrSJMy1_I)<@Ut^Pg!FCVnmUgEy@O~2;s|2spN dp9vfC_ Date: Wed, 6 Nov 2019 14:06:04 -0800 Subject: [PATCH 69/98] Fixed broken link --- .../windows-defender-application-control-design-guide.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 68b2423050..605383ec22 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -44,6 +44,5 @@ Once these business factors are in place, you are ready to begin planning your W | [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. | | [Select the types of rules to create](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | | [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | -| [Create your WDAC planning document](create-your-windows-defender-application-control-planning-document.md) | This planning topic summarizes the information you need to research and include in your planning document. | After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies. From 068b621be40875e49641c08ea98e2dcf584be762 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Wed, 6 Nov 2019 15:49:08 -0800 Subject: [PATCH 70/98] Added H2 lang & H1 FCFAQ --- devices/hololens/TOC.md | 2 + devices/hololens/hololens1-fit-comfort-faq.md | 63 +++++++++++++++++++ .../hololens/hololens2-language-support.md | 44 +++++++++++++ 3 files changed, 109 insertions(+) create mode 100644 devices/hololens/hololens1-fit-comfort-faq.md create mode 100644 devices/hololens/hololens2-language-support.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 8b12d44ca5..07054adb8e 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -5,12 +5,14 @@ ## [HoloLens 2 hardware](hololens2-hardware.md) ## [Get your HoloLens 2 ready to use](hololens2-setup.md) ## [Set up your HoloLens 2](hololens2-start.md) +## [Supported languages for HoloLens 2](hololens2-language-support.md) ## [Getting around HoloLens 2](hololens2-basic-usage.md) # Get started with HoloLens (1st gen) ## [HoloLens (1st gen) hardware](hololens1-hardware.md) ## [Get your HoloLens (1st gen) ready to use](hololens1-setup.md) ## [Set up your HoloLens (1st gen)](hololens1-start.md) +## [HoloLens (1st gen) fit and comfort FAQ](hololens1-fit-comfort-faq.md) ## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md) ## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md) diff --git a/devices/hololens/hololens1-fit-comfort-faq.md b/devices/hololens/hololens1-fit-comfort-faq.md new file mode 100644 index 0000000000..9482cfc8bc --- /dev/null +++ b/devices/hololens/hololens1-fit-comfort-faq.md @@ -0,0 +1,63 @@ +--- +title: HoloLens (1st gen) fit and comfort frequently asked questions +description: Answers to frequently asked questions about how to fit your HoloLens (1st gen). +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: high +ms.date: 10/9/19 +ms.reviewer: jarrettr +manager: jarrettr +appliesto: +- HoloLens (1st gen) +--- + +# HoloLens (1st gen) fit and comfort frequently asked questions + +Here are some tips on how to stay comfortable and have the best experience using your HoloLens. + +For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens (1st gen) ready to use](hololens1-setup.md). + +> [!NOTE] +> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun! + +Here are some tips on how to stay comfortable and have the best experience using your HoloLens. + +## I'm experiencing discomfort when I use my device. What should I do? + +If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first. + +For more information, see [Health and safety on HoloLens](http://go.microsoft.com/fwlink/p/?LinkId=746661). + +## I can't see the whole holographic frame, or my holograms are cut off + +To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead. + +## I need to look up or down to see holograms + +Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how: + +- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. +- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. + +## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure + +The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens1-setup.md#adjust-fit). + +You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead. + +## My HoloLens feels heavy on my nose + +If your HoloLens is adjusted correctly, the nose pad should rest lightly on your nose. If it feels heavy on your nose, try rotating the visor up or adjusting the angle of the headband. You can also slide the device visor out—grasp the device arms just behind the visor and pull forward gently. + +## How can I adjust HoloLens to fit with my glasses? + +The device visor can slide in and out to accommodate eyewear. Grasp the device arms just behind the visor and pull forward gently to adjust it. + +## My arm gets tired when I use gestures. What can I do? + +When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens1-basic-usage.md#use-hololens-with-your-hands). + +And be sure to try out [voice commands](hololens-cortana.md) and the [HoloLens clicker](hololens1-clicker.md). diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md new file mode 100644 index 0000000000..f0e137764b --- /dev/null +++ b/devices/hololens/hololens2-language-support.md @@ -0,0 +1,44 @@ +--- +title: Supported languages for HoloLens 2 +description: +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 9/12/2019 +ms.reviewer: +manager: jarrettr +appliesto: +- HoloLens 2 +--- + +# Supported languages for HoloLens 2 + +HoloLens 2 supports the following languages. This support includes voice commands and dictation features. + +- Chinese Simplified (China) +- English (Australia) +- English (Canada) +- English (Great Britain) +- English (United States) +- French (Canada) +- French (France) +- German (Germany) +- Italian (Italy) +- Japanese (Japan) +- Spanish (Mexico) +- Spanish (Spain) + +Windows Mixed Reality is also available in the following languages. However, this support does not include speech commands or dictation features. + +- Chinese Traditional (Taiwan and Hong Kong) +- Dutch (Netherlands) +- Korean (Korea) +- Changing language or keyboard + +> [!NOTE] +> Your speech and dictation language depends on the Windows display language. +> +To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. From 696d9ef01612ffec3af2788cd6625ad969496dff Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 15:56:12 -0800 Subject: [PATCH 71/98] Update troubleshoot-stop-errors.md --- windows/client-management/troubleshoot-stop-errors.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 1c5061cc82..c64c8e35c1 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -22,9 +22,9 @@ ms.author: dansimp A Stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers: -- atikmpag.sys -- igdkmd64.sys -- nvlddmkm.sys +- `atikmpag.sys` +- `igdkmd64.sys` +- `nvlddmkm.sys` There is no simple explanation for the cause of Stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that Stop errors usually are not caused by Microsoft Windows components. Instead, these errors are generally related to malfunctioning hardware drivers or drivers that are installed by third-party software. This includes video cards, wireless network cards, security programs, and so on. @@ -138,7 +138,7 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols 1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information. 2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer. -3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk). +3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk). 4. Start the install and choose **Debugging Tools for Windows**. This will install the WinDbg tool. 5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
    a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](https://docs.microsoft.com/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
    @@ -149,7 +149,7 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols 8. A detailed bugcheck analysis will appear. See the example below. ![Bugcheck analysis](images/bugcheck-analysis.png) 9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL. -10. See [Using the !analyze Exension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output. +10. See [Using the !analyze Extension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output. There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22: From 7d10dfcef791e523dcd039c8c450b276bbc0e00d Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Wed, 6 Nov 2019 16:02:53 -0800 Subject: [PATCH 72/98] Update troubleshoot-stop-errors.md trying to fix Acrolinx issues so my pull request can go through --- .../troubleshoot-stop-errors.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index c64c8e35c1..719976a254 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -61,7 +61,7 @@ To troubleshoot Stop error messages, follow these general steps: 4. Run [Microsoft Safety Scanner](http://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections. -5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10 to 15 percent free disk space. +5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space. 6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios: @@ -90,12 +90,12 @@ To configure the system for memory dump files, follow these steps: 5. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written. 6. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs. -The memory dump file is saved at the following locations. +The memory dump file is saved at the following locations: | Dump file type | Location | |----------------|----------| -|(none) | %SystemRoot%\MEMORY.DMP (inactive, or greyed out) | -|Small memory dump file (256kb) | %SystemRoot%\Minidump | +|(none) | %SystemRoot%\MEMORY.DMP (inactive, or grayed out) | +|Small memory dump file (256 kb) | %SystemRoot%\Minidump | |Kernel memory dump file | %SystemRoot%\MEMORY.DMP | | Complete memory dump file | %SystemRoot%\MEMORY.DMP | | Automatic memory dump file | %SystemRoot%\MEMORY.DMP | @@ -118,7 +118,7 @@ More information on how to use Dumpchk.exe to check your dump files: ### Memory dump analysis -Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in a variety of symptoms. +Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms. When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause. @@ -139,7 +139,7 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols 1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information. 2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer. 3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk). -4. Start the install and choose **Debugging Tools for Windows**. This will install the WinDbg tool. +4. Start the install and choose **Debugging Tools for Windows**. This installs the WinDbg tool. 5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
    a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](https://docs.microsoft.com/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
    b. If the computer is not connected to the Internet, you must specify a local [symbol path](https://docs.microsoft.com/windows-hardware/drivers/debugger/symbol-path). @@ -213,7 +213,7 @@ Use the following guidelines when you use Driver Verifier: - Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic). - If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers. -- Enable concurrent verification on groups of 10 to 20 drivers. +- Enable concurrent verification on groups of 10–20 drivers. - Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode. For more information, see [Driver Verifier](https://docs.microsoft.com/windows-hardware/drivers/devtest/driver-verifier). @@ -233,13 +233,13 @@ SYSTEM_SERVICE_EXCEPTION
    Stop error code c000021a {Fatal System Error} The W NTFS_FILE_SYSTEM
    Stop error code 0x000000024 | This Stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button.We also suggest that you update the NTFS file system driver (Ntfs.sys), and apply the latest cumulative updates for the current operating system that is experiencing the problem. KMODE_EXCEPTION_NOT_HANDLED
    Stop error code 0x0000001E | If a driver is identified in the Stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added.

    If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use Safe mode to disable the driver in Device Manager. To do this, follow these steps:

    Go to **Settings > Update & security > Recovery**. Under **Advanced startup**, select **Restart now**. After your PC restarts to the **Choose an option** screen, select **Troubleshoot > Advanced options > Startup Settings > Restart**. After the computer restarts, you'll see a list of options. Press **4** or **F4** to start the computer in Safe mode. Or, if you intend to use the Internet while in Safe mode, press **5** or **F5** for the Safe Mode with Networking option. DPC_WATCHDOG_VIOLATION
    Stop error code 0x00000133 | This Stop error code is caused by a faulty driver that does not complete its work within the allotted time frame in certain conditions. To enable us to help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the Stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for additional error messages that might help identify the device or driver that is causing Stop error 0x133. Verify that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the c:\windows\memory.dmp file into the Debugger, and then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](https://blogs.msdn.microsoft.com/ntdebugging/2012/12/07/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012/) to find the problematic driver from the memory dump. -USER_MODE_HEALTH_MONITOR
    Stop error code 0x0000009E | This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
    This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process.Try to update the component or process that is indicated in the event logs. You should see the following event recorded:
    Event ID: 4870
    Source: Microsoft-Windows-FailoverClustering
    Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action will be taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
    For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw). +USER_MODE_HEALTH_MONITOR
    Stop error code 0x0000009E | This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
    This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process. Try to update the component or process that is indicated in the event logs. You should see the following event recorded:
    Event ID: 4870
    Source: Microsoft-Windows-FailoverClustering
    Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
    For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw). ## Debugging examples ### Example 1 -This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The **IMAGE_NAME** will tell you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again. +This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The **IMAGE_NAME** tells you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again. ``` 2: kd> !analyze -v From da1aa39d41d7898a4f6edd72380672255e4c19bc Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Wed, 6 Nov 2019 16:03:18 -0800 Subject: [PATCH 73/98] Metadata & link fixes --- devices/hololens/hololens1-fit-comfort-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens1-fit-comfort-faq.md b/devices/hololens/hololens1-fit-comfort-faq.md index 9482cfc8bc..69adacd775 100644 --- a/devices/hololens/hololens1-fit-comfort-faq.md +++ b/devices/hololens/hololens1-fit-comfort-faq.md @@ -7,7 +7,7 @@ author: Teresa-Motiv ms.author: v-tea ms.topic: article ms.localizationpriority: high -ms.date: 10/9/19 +ms.date: 10/09/2019 ms.reviewer: jarrettr manager: jarrettr appliesto: @@ -29,7 +29,7 @@ Here are some tips on how to stay comfortable and have the best experience using If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first. -For more information, see [Health and safety on HoloLens](http://go.microsoft.com/fwlink/p/?LinkId=746661). +For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661). ## I can't see the whole holographic frame, or my holograms are cut off From c81e9f9c1a7eec448d5344ad71395d4ea4414bdc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 6 Nov 2019 16:30:08 -0800 Subject: [PATCH 74/98] fixing a link that does not localize --- windows/deployment/vda-subscription-activation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index a1992d96b8..61edc16bf7 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -37,7 +37,7 @@ Deployment instructions are provided for the following scenarios: ### Scenario 1 - The VM is running Windows 10, version 1803 or later. -- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) (QMTH). +- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. @@ -47,7 +47,7 @@ Deployment instructions are provided for the following scenarios: [Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. ### Scenario 3 -- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) partner. +- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner. In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server on your corporate network can be used if you have configured a private connection, such as [ExpressRoute](https://azure.microsoft.com/services/expressroute/) or [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/). From 56871acd155d117d6d184aac3bea89038ef40e85 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 7 Nov 2019 11:32:45 -0800 Subject: [PATCH 75/98] added file --- devices/hololens/hololens2-fit-comfort-faq.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 devices/hololens/hololens2-fit-comfort-faq.md diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md new file mode 100644 index 0000000000..f46ef44d37 --- /dev/null +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -0,0 +1,59 @@ +--- +title: HoloLens 2 fit and comfort frequently asked questions +description: Answers to frequently asked questions about how to fit your HoloLens 2. +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: high +ms.date: 11/07/2019 +ms.reviewer: jarrettr +manager: jarrettr +appliesto: +- HoloLens 2 +--- + +# HoloLens 2 fit and comfort frequently asked questions + +Here are some tips on how to stay comfortable and have the best experience using your HoloLens. + +For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens 2 ready to use](hololens2-setup.md). + +> [!NOTE] +> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun! + +Here are some tips on how to stay comfortable and have the best experience using your HoloLens. + +## I'm experiencing discomfort when I use my device. What should I do? + +If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first. + +For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661). + +## I can't see the whole holographic frame, or my holograms are cut off + +To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead. + +## I need to look up or down to see holograms + +Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how: + +- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. +- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. + +## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure + +The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit). + +You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead. + +## How can I adjust HoloLens to fit with my glasses? + +The device visor can slide in and out to accommodate eyewear. Grasp the device arms just behind the visor and pull forward gently to adjust it. + +## My arm gets tired when I use gestures. What can I do? + +When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens2-basic-usage.md#use-hololens-with-your-hands). + +And be sure to try out [voice commands](hololens-cortana.md). From cff717a54efb0965186665374347c74b5e978f12 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 7 Nov 2019 12:29:40 -0800 Subject: [PATCH 76/98] Reorganized and made updates to docs related to policy planning --- .../TOC.md | 12 ++++---- .../create-initial-default-policy.md | 10 ++++++- ...defender-application-control-management.md | 19 +++++++++++-- .../select-types-of-rules-to-create.md | 28 +++++++------------ ...ication-control-policy-design-decisions.md | 10 ++++++- .../windows-defender-application-control.md | 2 +- 6 files changed, 52 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index cdd0780c08..02767f2f29 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -1,17 +1,17 @@ # [Windows Defender Application Control](windows-defender-application-control.md) ## [Windows Defender Application Control design guide](windows-defender-application-control-design-guide.md) -### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) -### [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) -### [Select the types of rules to create](select-types-of-rules-to-create.md) +### [Plan for WDAC policy lifecycle management](plan-windows-defender-application-control-management.md) +### Design and create your WDAC policy +#### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) +#### [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) +#### [Create an initial default policy](create-initial-default-policy.md) +#### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) ## [Windows Defender Application Control deployment guide](windows-defender-application-control-deployment-guide.md) ### [Types of devices](types-of-devices.md) -### Use WDAC with custom policies -#### [Create an initial default policy](create-initial-default-policy.md) -#### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) ### [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index 041c14d524..9f2f505f65 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -1,5 +1,5 @@ --- -title: Create an initial default policy (Windows 10) +title: Create a Windows Defender Application Control policy from a reference computer (Windows 10) description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb @@ -32,6 +32,14 @@ For this example, you must initiate variables to be used during the creation pro Then create the WDAC policy by scanning the system for installed applications. The policy file is converted to binary format when it gets created so that Windows can interpret it. +## Overview of the process of creating Windows Defender Application Control policies + +A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md). + +Optionally, WDAC can align with your software catalog as well as any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged or serviced, and managed. + +If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). + > [!NOTE] > Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 0bd975a746..cb2cb5b772 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -17,7 +17,7 @@ manager: dansimp ms.date: 02/21/2018 --- -# Plan for Windows Defender Application Control policy management +# Plan for Windows Defender Application Control lifecycle policy management **Applies to:** @@ -30,13 +30,28 @@ This topic describes the decisions you need to make to establish the processes f Before you begin deploying WDAC, consider how your policies will be managed and maintained over time. Developing a process for managing WDAC policies helps assure that WDAC continues to effectively control how applications are allowed to run in your organization. + +Most WDAC policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: + +1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. +2. Deploy the audit mode policy to intended computers. +3. Monitor audit block events from the intended computers and add/edit/delete rules as needed to address unexpected/unwanted blocks. +4. Repeat steps 2-3 until the remaining block events meet expectations. +5. Generate the enforced mode version of the policy. +6. Deploy the enforced mode policy to intended computers. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly. +7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes. + ### Keep WDAC policies in a source control or document management solution To effectively manage WDAC policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for WDAC policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents. ### Set PolicyName, PolicyID, and Version metadata for each policy -Use the [Set-CIPolicyIDInfo](https://docs.microsoft.com/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID. This should be done once per policy in order to differentiate them when reviewing WDAC events or when viewing the policy XML document. Although you can specify a string value for PolicyId, we recommend using the -ResetPolicyId switch to let the system auto-generate a unique ID for the policy. +Use the [Set-CIPolicyIDInfo](https://docs.microsoft.com/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing WDAC events or when viewing the policy XML document. Although you can specify a string value for PolicyId, we recommend using the -ResetPolicyId switch to let the system auto-generate a unique ID for the policy. + +> [!NOTE] +> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above. +> PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy. In addition, we recommend using the [Set-CIPolicyVersion](https://docs.microsoft.com/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (e.g. "1.0.0.0"). diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 2bc617c5ba..6e77768954 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -17,43 +17,35 @@ manager: dansimp ms.date: 04/20/2018 --- -# Deploy Windows Defender Application Control policy rules and file rules +# Understand WDAC policy rules and file rules **Applies to:** - Windows 10 -- Windows Server 2016 +- Windows Server 2016 and above Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by using policies that specify whether a driver or application is trusted and can be run. A policy includes *policy rules* that control options such as audit mode or whether user mode code integrity (UMCI) is enabled in a WDAC policy, and *file rules* (or *file rule levels*) that specify the level at which applications will be identified and trusted. -## Overview of the process of creating Windows Defender Application Control policies - -A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md). - -Optionally, WDAC can align with your software catalog as well as any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged or serviced, and managed. - -If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). - ## Windows Defender Application Control policy rules -To modify the policy rule options of an existing WDAC policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy: +To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy: - To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command: - `Set-RuleOption -FilePath -Option 0` + `Set-RuleOption -FilePath -Option 0` Note that a policy that was created without the `-UserPEs` option is empty of user mode executables, that is, applications. If you enable UMCI (Option 0) for such a policy and then attempt to run an application, Windows Defender Application Control will see that the application is not on its list (which is empty of applications), and respond. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. To create a policy that includes user mode executables (applications), when you run `New-CIPolicy`, include the `-UserPEs` option. - To disable UMCI on an existing WDAC policy, delete rule option 0 by running the following command: - `Set-RuleOption -FilePath -Option 0 -Delete` + `Set-RuleOption -FilePath -Option 0 -Delete` -You can set several rule options within a WDAC policy. Table 2 describes each rule option. +You can set several rule options within a WDAC policy. Table 1 describes each rule option. > [!NOTE] > We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode. -**Table 2. Windows Defender Application Control policy - policy rule options** +**Table 1. Windows Defender Application Control policy - policy rule options** | Rule option | Description | |------------ | ----------- | @@ -68,7 +60,7 @@ You can set several rule options within a WDAC policy. Table 2 describes each ru | **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | -| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to Restricted Language Mode. NOTE: This option is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. | +| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | @@ -82,9 +74,9 @@ You can set several rule options within a WDAC policy. Table 2 describes each ru File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as fine-tuned as the hash of each binary or as general as a CA certificate. You specify file rule levels both when you create a new WDAC policy from a scan and when you create a policy from audit events. In addition, to combine rule levels found in multiple policies, you can merge the policies. When merged, WDAC policies combine their file rules, so that any application that would be allowed by either of the original policies will be allowed by the combined policy. -Each file rule level has its benefit and disadvantage. Use Table 3 to select the appropriate protection level for your available administrative resources and Windows Defender Application Control deployment scenario. +Each file rule level has its benefit and disadvantage. Use Table 2 to select the appropriate protection level for your available administrative resources and Windows Defender Application Control deployment scenario. -Table 3. Windows Defender Application Control policy - file rule levels +**Table 2. Windows Defender Application Control policy - file rule levels** | Rule level | Description | |----------- | ----------- | diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 5c5f924393..5c27166ee6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -44,7 +44,15 @@ You should consider using WDAC as part of your organization's application contro Beginning with Windows 10, version 1903, WDAC allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. While this opens up many new use cases for organizations, your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. -The following questions can help you plan your WDAC deployment. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. +The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust", we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. + +For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. + +Microsoft Endpoint Configuration Manager (previously known as System Center Configuration Manager (SCCM)), uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow SCCM and its dependencies, sets the managed installer policy rule, and additionally configures SCCM as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the SCCM administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for SCCM's native WDAC integration. + +The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. + +## WDAC design considerations ### How are apps managed and deployed in your organization? diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 3884112eab..b0a63103c4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -29,7 +29,7 @@ With thousands of new malicious files created every day, using traditional metho In most organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. However, when a user runs a process, that process has the same level of access to data that the user has. As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software. -Application control can help mitigate these types of security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). Application control policies can also block unsigned scripts and MSIs, and restrict Windows PowerShell to run in [Constrained Language Mode](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-5.1). +Application control can help mitigate these types of security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). Application control policies can also block unsigned scripts and MSIs, and restrict Windows PowerShell to run in [Constrained Language Mode](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_language_modes). Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control moves away from an application trust model where all applications are assumed trustworthy to one where applications must earn trust in order to run. Many organizations, like the Australian Signals Directorate, understand this and frequently cite application control as one of the most effective means for addressing the threat of executable file-based malware (.exe, .dll, etc.). From d7000370803da6245ac912317368a9c33baae5b8 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 7 Nov 2019 13:06:28 -0800 Subject: [PATCH 77/98] link edit + TOC update --- devices/hololens/TOC.md | 1 + devices/hololens/hololens2-fit-comfort-faq.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 8b12d44ca5..f1c1d82e8e 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -5,6 +5,7 @@ ## [HoloLens 2 hardware](hololens2-hardware.md) ## [Get your HoloLens 2 ready to use](hololens2-setup.md) ## [Set up your HoloLens 2](hololens2-start.md) +## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md) ## [Getting around HoloLens 2](hololens2-basic-usage.md) # Get started with HoloLens (1st gen) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index f46ef44d37..0d4dd45910 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -1,5 +1,5 @@ --- -title: HoloLens 2 fit and comfort frequently asked questions +title: HoloLens 2 fit and comfort FAQ description: Answers to frequently asked questions about how to fit your HoloLens 2. ms.prod: hololens ms.sitesec: library @@ -54,6 +54,6 @@ The device visor can slide in and out to accommodate eyewear. Grasp the device a ## My arm gets tired when I use gestures. What can I do? -When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens2-basic-usage.md#use-hololens-with-your-hands). +When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens2-basic-usage.md#the-hand-tracking-frame). And be sure to try out [voice commands](hololens-cortana.md). From 517553916dab4ae3ff07244c561777a3b824794e Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Thu, 7 Nov 2019 13:23:26 -0800 Subject: [PATCH 78/98] Removing en-us from link --- .../windows-defender-application-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index b0a63103c4..b05ffe98c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -42,7 +42,7 @@ Windows 10 includes two technologies that can be used for application control de ## Windows Defender Application Control -Windows Defender Application Control (WDAC) was introduced with Windows 10 and allows organizations to control what drivers and applications are allowed to run on their Windows 10 clients. WDAC was designed as a security feature under the [servicing criteria](https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria) defined by the Microsoft Security Response Center (MSRC). +Windows Defender Application Control (WDAC) was introduced with Windows 10 and allows organizations to control what drivers and applications are allowed to run on their Windows 10 clients. WDAC was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria) defined by the Microsoft Security Response Center (MSRC). > [!NOTE] > Prior to Windows 10, version 1709, Windows Defender Application Control was known as configurable code integrity policies. From 95016c99a0d638b3f98e388f073955157ceb329f Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Thu, 7 Nov 2019 13:32:35 -0800 Subject: [PATCH 79/98] Remove en-us from link --- ...dows-defender-application-control-policy-design-decisions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 5c27166ee6..87a4942ff4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -60,7 +60,7 @@ Organizations with well-defined, centrally-managed app management and deployment | Possible answers | Design considerations| | - | - | -| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/en-us/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](use-windows-defender-application-control-with-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | +| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](use-windows-defender-application-control-with-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | | Some apps are centrally managed and deployed, but teams can install additional apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can leverage managed installers to install their team-specific apps or admin-only file path rules can be used to allow apps installed by admin users. | | Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Windows Defender Antivirus and SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| From 85a23cbb8c1e35f4018c7476fdd080b8af046d78 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 7 Nov 2019 13:34:16 -0800 Subject: [PATCH 80/98] Merged content --- devices/hololens/hololens-updates.md | 75 ++++++++++++++++++++++++---- 1 file changed, 64 insertions(+), 11 deletions(-) diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index 8cceafc45f..dcf188dbad 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -1,23 +1,75 @@ --- -title: Manage updates to HoloLens (HoloLens) +title: Managing updates to HoloLens description: Administrators can use mobile device management to manage updates to HoloLens devices. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp +author: Teresa-Motiv +ms.author: v-tea ms.topic: article -ms.localizationpriority: medium -ms.date: 04/30/2018 -ms.reviewer: -manager: dansimp +ms.localizationpriority: high +ms.date: 11/7/2019 +ms.reviewer: jarrettr +manager: jarrettr +appliesto: +- HoloLens (1st gen) +- HoloLens 2 --- -# Manage updates to HoloLens +# Managing HoloLens updates + +HoloLens uses Windows Update, just like other Windows 10 devices. When an update is available, it will be automatically downloaded and installed the next time your device is plugged in and connected to the Internet. + +This article will walk through all of the way to manage updates on HoloLens. + +## Manually check for updates + +While HoloLens periodically checks for system updates so you don't have to, there may be circumstances in which you want to manually check. + +To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app says your device is up to date, you have all the updates that are currently available. + +## Go back to a previous version (HoloLens 2) + +In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version. + +> [!NOTE] +> Going back to an earlier version deletes your personal files and settings. + +To go back to a previous version of HoloLens 2, follow these steps: + +1. Make sure that you don't have any phones or Windows devices plugged in to your PC. +1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/en-us/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store. +1. Download the [most recent HoloLens 2 release](http://aka.ms/hololens2download). +1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it. +1. Connect your HoloLens to your PC using a USB-A to USB-C cable . (Even if you've been using other cables to connect your HoloLens, this one works best.) +1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile. +1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.) +1. Select **Install software**, and follow the instructions. + +## Go back to a previous version (HoloLens (1st gen)) + +In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version. + +> [!NOTE] +> Going back to an earlier version deletes your personal files and settings. + +To go back to a previous version of HoloLens (1st gen), follow these steps: + +1. Make sure that you don't have any phones or Windows devices plugged in to your PC. +1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/en-us/help/12379). +1. Download the [HoloLens Anniversary Update recovery package](http://aka.ms/hololensrecovery). +1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it. +1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.) +1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile. +1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.) +1. Select **Install software**, and follow the instructions. + +> [!NOTE] +> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions. + +# Use policies to manage updates to HoloLens >[!NOTE] ->HoloLens devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates. - -For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business). +>HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates. To configure how and when updates are applied, use the following policies: @@ -39,5 +91,6 @@ For devices on Windows 10, version 1607 only: You can use the following update p ## Related topics +- [Policies supported by HoloLens 2](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2) - [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business) - [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure) From db0b06172eca6209033139b0469bf74dd6e60443 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 7 Nov 2019 13:42:55 -0800 Subject: [PATCH 81/98] Added redirection for deleted topics --- .openpublishing.redirection.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 39a821b641..8f4e594709 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -241,6 +241,16 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees", "redirect_document_id": true From c953dd6cc55e9cb664778fcdc757d2194119cd10 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 7 Nov 2019 13:50:40 -0800 Subject: [PATCH 82/98] Added redirection for deleted topic --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8f4e594709..4749580a0e 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -251,6 +251,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees", "redirect_document_id": true From 0a22e78cf6fe77b03cb6af228deb95a2a5be9ae9 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 7 Nov 2019 13:57:15 -0800 Subject: [PATCH 83/98] Link fixes --- devices/hololens/hololens-updates.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index dcf188dbad..08ff0c7e1a 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -37,8 +37,8 @@ In some cases, you might want to go back to a previous version of the HoloLens s To go back to a previous version of HoloLens 2, follow these steps: 1. Make sure that you don't have any phones or Windows devices plugged in to your PC. -1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/en-us/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store. -1. Download the [most recent HoloLens 2 release](http://aka.ms/hololens2download). +1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store. +1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download). 1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it. 1. Connect your HoloLens to your PC using a USB-A to USB-C cable . (Even if you've been using other cables to connect your HoloLens, this one works best.) 1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile. @@ -55,8 +55,8 @@ In some cases, you might want to go back to a previous version of the HoloLens s To go back to a previous version of HoloLens (1st gen), follow these steps: 1. Make sure that you don't have any phones or Windows devices plugged in to your PC. -1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/en-us/help/12379). -1. Download the [HoloLens Anniversary Update recovery package](http://aka.ms/hololensrecovery). +1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). +1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery). 1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it. 1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.) 1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile. @@ -91,6 +91,6 @@ For devices on Windows 10, version 1607 only: You can use the following update p ## Related topics -- [Policies supported by HoloLens 2](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2) +- [Policies supported by HoloLens 2](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2) - [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business) - [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure) From 34b1289903aa75e024f95648fee89d0f3c76aafd Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 7 Nov 2019 13:59:21 -0800 Subject: [PATCH 84/98] Edits --- devices/hololens/hololens-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index 08ff0c7e1a..a9c637ae74 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -89,7 +89,7 @@ For devices on Windows 10, version 1607 only: You can use the following update p - [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval) - [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) -## Related topics +For more information about using policies to manage HoloLens, see the following articles: - [Policies supported by HoloLens 2](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2) - [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business) From 45b9bc253531bb676eecd0dcba2fe0013251c5a6 Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Thu, 7 Nov 2019 14:12:45 -0800 Subject: [PATCH 85/98] Fix conflict with redirect_document_id: true --- .openpublishing.redirection.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4749580a0e..399dbdb7bc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -248,12 +248,12 @@ { "source_path": "windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", @@ -271,6 +271,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/applocker/administer-applocker-using-mdm.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm", "redirect_document_id": true @@ -15352,11 +15357,6 @@ "redirect_document_id": false }, { -"source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md", -"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", -"redirect_document_id": false -}, -{ "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac", "redirect_document_id": true From c400210e2274c65d2d7eb2491c264a75ac9267ca Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 7 Nov 2019 14:19:29 -0800 Subject: [PATCH 86/98] Review feedback --- devices/hololens/hololens2-fit-comfort-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index 0d4dd45910..4931ec785c 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -50,10 +50,10 @@ You can also experiment with the positioning of the headband—depending on ## How can I adjust HoloLens to fit with my glasses? -The device visor can slide in and out to accommodate eyewear. Grasp the device arms just behind the visor and pull forward gently to adjust it. +To accommodate eyewear, you can tilt the visor. ## My arm gets tired when I use gestures. What can I do? -When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens2-basic-usage.md#the-hand-tracking-frame). +When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. You can also use hand rays to interact with holograms without raising your arms [Learn more about gestures and hand rays](hololens2-basic-usage.md#the-hand-tracking-frame). And be sure to try out [voice commands](hololens-cortana.md). From b7aa984a32491b016800d434e16b4037c5160cb8 Mon Sep 17 00:00:00 2001 From: Christopher Yoo Date: Thu, 7 Nov 2019 14:30:08 -0800 Subject: [PATCH 87/98] Update diagnostic-data-viewer-overview.md fixing broken powershell link --- windows/privacy/diagnostic-data-viewer-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 7ebad52ee8..819728ac85 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -45,7 +45,7 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. >[!Important] - >It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). + >It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2094264). ### Start the Diagnostic Data Viewer You can start this app from the **Settings** panel. From 52e9e70b91c5b2fb5cec48d81546441c300bcaf3 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Thu, 7 Nov 2019 16:54:26 -0800 Subject: [PATCH 88/98] Metadata update --- devices/hololens/hololens2-fit-comfort-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index 4931ec785c..397d61bb67 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -6,6 +6,7 @@ ms.sitesec: library author: Teresa-Motiv ms.author: v-tea ms.topic: article +audience: ItPro ms.localizationpriority: high ms.date: 11/07/2019 ms.reviewer: jarrettr From 1279978198215fed71af548eb2bfa83b8ca14018 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Thu, 7 Nov 2019 17:16:19 -0800 Subject: [PATCH 89/98] Edited metadata --- devices/hololens/hololens1-fit-comfort-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/hololens/hololens1-fit-comfort-faq.md b/devices/hololens/hololens1-fit-comfort-faq.md index 69adacd775..d76375918c 100644 --- a/devices/hololens/hololens1-fit-comfort-faq.md +++ b/devices/hololens/hololens1-fit-comfort-faq.md @@ -9,6 +9,7 @@ ms.topic: article ms.localizationpriority: high ms.date: 10/09/2019 ms.reviewer: jarrettr +audience: ITPro manager: jarrettr appliesto: - HoloLens (1st gen) From ad80a3c690b78569229ef47ff55d05b96d9063ef Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Thu, 7 Nov 2019 17:17:01 -0800 Subject: [PATCH 90/98] Update hololens2-language-support.md --- devices/hololens/hololens2-language-support.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index f0e137764b..760880135d 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -8,7 +8,8 @@ ms.author: v-tea ms.topic: article ms.localizationpriority: medium ms.date: 9/12/2019 -ms.reviewer: +audience: ITPro +ms.reviewer: jarrettr manager: jarrettr appliesto: - HoloLens 2 From f80e1aff80de1443c58079892d9ab1db74c78cc6 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Thu, 7 Nov 2019 17:33:09 -0800 Subject: [PATCH 91/98] Update hololens-updates.md --- devices/hololens/hololens-updates.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index a9c637ae74..e0b662bd3d 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -5,6 +5,7 @@ ms.prod: hololens ms.sitesec: library author: Teresa-Motiv ms.author: v-tea +audience: ITPro ms.topic: article ms.localizationpriority: high ms.date: 11/7/2019 From 21476dce1d46d7ae021d1b30338f1b78f7e9894d Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Fri, 8 Nov 2019 09:04:07 -0800 Subject: [PATCH 92/98] Update resetpolicyid warning Using -resetpolicyid prevents a policy from running on pre-1903 systems --- .../plan-windows-defender-application-control-management.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index cb2cb5b772..2d05216e90 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -47,10 +47,10 @@ To effectively manage WDAC policies, you should store and maintain your policy X ### Set PolicyName, PolicyID, and Version metadata for each policy -Use the [Set-CIPolicyIDInfo](https://docs.microsoft.com/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing WDAC events or when viewing the policy XML document. Although you can specify a string value for PolicyId, we recommend using the -ResetPolicyId switch to let the system auto-generate a unique ID for the policy. +Use the [Set-CIPolicyIDInfo](https://docs.microsoft.com/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing WDAC events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system auto-generate a unique ID for the policy. > [!NOTE] -> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above. +> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. > PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy. In addition, we recommend using the [Set-CIPolicyVersion](https://docs.microsoft.com/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (e.g. "1.0.0.0"). From 2fbe3368ffd72be0422802ee7df67555ee4ccb15 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Fri, 8 Nov 2019 09:19:23 -0800 Subject: [PATCH 93/98] Added link to updates topic --- devices/hololens/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 57f7ca833e..159effd554 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -55,6 +55,7 @@ # Update and recovery ## [Join the Windows Insider program](hololens-insider.md) +## [Managing HoloLens updates](hololens-updates.md) ## [Restart, reset, or recover](hololens-recovery.md) ## [Known issues](hololens-known-issues.md) ## [Frequently asked questions](hololens-faq.md) From 7fd21399ab046802be61aea39b872e9c72249fbd Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 8 Nov 2019 14:23:57 -0800 Subject: [PATCH 94/98] reduce number of notes and add one --- .../intelligence/safety-scanner-download.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index f00d63e08f..f6b12d45e0 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -24,15 +24,17 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from - [Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732) > [!NOTE] -> The security intelligence update version of the Microsoft Safety Scanner matches the version described [in this web page](https://www.microsoft.com/wdsi/definitions). +> Starting November 2019, Safety Scanner will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to run Safety Scanner. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). -Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan. +## Important information -> [!NOTE] -> This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection). +- The security intelligence update version of the Microsoft Safety Scanner matches the version described [in this web page](https://www.microsoft.com/wdsi/definitions). -> [!NOTE] -> Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download. +- Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan. + +- Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download. + +- This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection). ## System requirements From 6e4a67aad1afbea8e031c79a2f442b59a47ac009 Mon Sep 17 00:00:00 2001 From: Sarah Cooley Date: Fri, 8 Nov 2019 14:51:40 -0800 Subject: [PATCH 95/98] charger info --- devices/hololens/hololens1-hardware.md | 6 ++++++ devices/hololens/hololens1-setup.md | 4 ++++ devices/hololens/hololens2-hardware.md | 9 +++++++++ devices/hololens/hololens2-setup.md | 4 +++- 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md index b10c64486f..19d36dd0fe 100644 --- a/devices/hololens/hololens1-hardware.md +++ b/devices/hololens/hololens1-hardware.md @@ -48,6 +48,12 @@ The HoloLens box contains the following items: >[!TIP] >The [clicker](hololens1-clicker.md) ships with HoloLens (1st Gen), in a separate box. +### Power Supply details + +The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It's supplies 9V at 2A. + +Charging rate and speed may vary depending on the environment in which the device is running. + ## Device specifications ### Display diff --git a/devices/hololens/hololens1-setup.md b/devices/hololens/hololens1-setup.md index 4aefbad094..406d638951 100644 --- a/devices/hololens/hololens1-setup.md +++ b/devices/hololens/hololens1-setup.md @@ -29,6 +29,10 @@ When your HoloLens is on, the battery indicator shows the battery level in incre > [!TIP] > To get an estimate of your current battery level, say "Hey Cortana, how much battery do I have left?" +The power supply and USB cable that come with the device are the best way to charge your HoloLens (1st gen). The power supply provides 18W of power (9V 2A). + +Charging rate and speed may vary depending on the environment in which the device is running. + ## Adjust fit > [!VIDEO https://www.microsoft.com/videoplayer/embed/be3cb527-f2f1-4f85-b4f7-a34fbaba980d] diff --git a/devices/hololens/hololens2-hardware.md b/devices/hololens/hololens2-hardware.md index 3418e52e5e..ca62dbf852 100644 --- a/devices/hololens/hololens2-hardware.md +++ b/devices/hololens/hololens2-hardware.md @@ -35,6 +35,14 @@ Microsoft HoloLens 2 is an untethered holographic computer. It refines the holo - **Power supply**. Plugs into a power outlet. - **Microfiber cloth**. Use to clean your HoloLens visor. +### Power Supply details + +The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It's supplies 9V at 2A. + +Charging rate and speed may vary depending on the environment in which the device is running. + +In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. + ## Device specifications ### Display @@ -83,6 +91,7 @@ Microsoft HoloLens 2 is an untethered holographic computer. It refines the holo | Battery technology | [Lithium batteries](https://www.microsoft.com/download/details.aspx?id=43388) | | Charging behavior | Fully functional when charging | | Cooling type | Passively cooled (no fans) | +| Power draw | In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. | ### Fit diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md index 9f8edd7758..319644824d 100644 --- a/devices/hololens/hololens2-setup.md +++ b/devices/hololens/hololens2-setup.md @@ -21,7 +21,9 @@ The procedures below will help you set up a HoloLens 2 for the first time. ## Charge your HoloLens -Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet. +Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet. The power supply and USB-C-to-C cable that come with the device are the best way to charge your HoloLens 2. The charger supplies 18W of power (9V at 2A). + +Charging rate and speed may vary depending on the environment in which the device is running. - When the device is charging, the battery indicator lights up to indicate the current level of charge. The last light will fade in and out to indicate active charging. - When your HoloLens is on, the battery indicator displays the battery level in increments. From c3c9e4396167137bdf6c70e70bc0054390f8de4d Mon Sep 17 00:00:00 2001 From: Sarah Cooley Date: Fri, 8 Nov 2019 14:52:11 -0800 Subject: [PATCH 96/98] charger info --- devices/hololens/hololens1-hardware.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md index 19d36dd0fe..54e87ddd8f 100644 --- a/devices/hololens/hololens1-hardware.md +++ b/devices/hololens/hololens1-hardware.md @@ -54,6 +54,8 @@ The power supply and the USB cable that come with the device are the best suppor Charging rate and speed may vary depending on the environment in which the device is running. +In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. + ## Device specifications ### Display From 656a9c293140a0fc2202a2fef0953d84236c71ba Mon Sep 17 00:00:00 2001 From: Sarah Cooley Date: Fri, 8 Nov 2019 15:04:36 -0800 Subject: [PATCH 97/98] fixing date --- devices/hololens/hololens1-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens1-setup.md b/devices/hololens/hololens1-setup.md index 406d638951..cbbc2315b7 100644 --- a/devices/hololens/hololens1-setup.md +++ b/devices/hololens/hololens1-setup.md @@ -7,7 +7,7 @@ author: JesseMcCulloch ms.author: jemccull ms.topic: article ms.localizationpriority: high -ms.date: 8/12/19 +ms.date: 8/12/2019 ms.reviewer: manager: jarrettr appliesto: From 106b47244b0524f7a6806f19f792919aa9bfcad2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 8 Nov 2019 15:22:27 -0800 Subject: [PATCH 98/98] Changed "It's" to "It" In "It's supplies 9V at 2A", I changed *It's* to *It*. --- devices/hololens/hololens1-hardware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md index 54e87ddd8f..285f44dd6a 100644 --- a/devices/hololens/hololens1-hardware.md +++ b/devices/hololens/hololens1-hardware.md @@ -50,7 +50,7 @@ The HoloLens box contains the following items: ### Power Supply details -The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It's supplies 9V at 2A. +The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It supplies 9V at 2A. Charging rate and speed may vary depending on the environment in which the device is running.