Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,054 questions
How to prove .Net app FIPS compliance referencing NIST CMVP Certificate
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 78%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Brandon Arthur
0
Reputation points
There appears to be no supported version of Windows Server with active FIPS certificates for the Cryptographic Primitives Library and Kernel Mode Cryptographic Primitives Library.
Needing to prove how .Net app is FIPS compliant by referencing the FIPS certificate numbers available in the NIST CMVP for Windows Server. Since the application runs on Windows Server I assume that .Net Framework and IIS derive cryptographic functions from the underlying Windows CNG API. Does the hierarchy of cryptographic functions flow from .Net to the Cryptographic Primitives Library (bcrypt.dll) then to the Kernel Mode Cryptographic Primitives Library (cng.sys)? And does that mean I will have to reference both bcrypt.dll and cng.sys FIPS certificates? If so, I do not see a current FIPS certificate for a supported version of Server 2019 for Cryptographic Primitives Library.
Sign in to answer