Code Integrity

Certificate #4602

Webpage information ?

Status active
Validation dates 20.09.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode with module Windows OS Loader validated to FIPS 140-2 under Cert. #4545 operating in FIPS mode
Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Description Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.
Tested configurations
  • Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R640 Server with an Intel Xeon Gold 6230
  • Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R840 Server with an Intel Xeon Platinum 8260
  • Windows Server 2019 Datacenter Core (x64) running on a Dell XR2 with an Intel Xeon Silver 4114
  • Windows Server 2019 Datacenter Core (x64) running on a Rugged Mobile Appliance with an Intel Xeon D-1559 (single-user mode)
Vendor Microsoft Corporation
References

This certificate's webpage directly references 1 certificates, transitively this expands into 2 certificates.

Security policy ?

Symmetric Algorithms
AES
Hash functions
SHA-1, SHA1, SHA-256, SHA-384, SHA-512, SHA-2, SHA2
Protocols
SSL

Vendor
Microsoft Corporation, Microsoft

Standards
FIPS 140, FIPS 140-2, FIPS 186-4, FIPS 180-4, PKCS#1

File metadata

Title Microsoft Security Policy
Subject FIPS Certification
Author Microsoft Corporation
Creation date D:20230908092738-07'00'
Modification date D:20230908092738-07'00'
Pages 25
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

References

Outgoing
  • 4545 - active - Windows OS Loader
Incoming
  • 4687 - active - Cryptographic Primitives Library
  • 4686 - active - Virtual TPM
  • 4688 - active - BitLocker Dump Filter

Heuristics ?

No heuristics are available for this certificate.

References ?

Updates ?

  • 04.07.2024 The certificate data changed.
    Certificate changed

    The computed heuristics were updated.

    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'_type': 'Set', 'elements': ['4686', '4687', '4688']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4686', '4687', '4688']}} data.
    • The module_processed_references property was updated, with the {'directly_referenced_by': {'_type': 'Set', 'elements': ['4686', '4687', '4688']}, 'indirectly_referenced_by': {'_type': 'Set', 'elements': ['4686', '4687', '4688']}} data.
  • 01.11.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4602,
  "dgst": "f18c99b3daa260d7",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA#C1586",
        "RSA#C2052",
        "SHS#C1577",
        "RSA#C1577",
        "RSA#C2044",
        "SHS#C2044"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4687",
          "4686",
          "4688"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4545"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4686",
          "4687",
          "4688"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4484",
          "4545"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "4545"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4687",
          "4686",
          "4688"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4545"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4686",
          "4687",
          "4688"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4484",
          "4545"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "4545"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "TLS": {
          "SSL": {
            "SSL": 2
          }
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#4545": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "PKCS#1": 9,
          "RSA PKCS#1": 5,
          "SHA- 512": 1,
          "SHA-1": 7,
          "SHA-2": 2,
          "SHA-256": 13,
          "SHA-384": 5,
          "SHA-512": 6,
          "SHA1": 2,
          "SHA2": 1
        }
      },
      "fips_security_level": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 7,
            "SHA1": 2
          },
          "SHA2": {
            "SHA-2": 2,
            "SHA-256": 13,
            "SHA-384": 5,
            "SHA-512": 6,
            "SHA2": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 4,
          "FIPS 140-2": 7,
          "FIPS 180-4": 5,
          "FIPS 186-4": 5
        },
        "PKCS": {
          "PKCS#1": 7
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 2
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 24,
          "Microsoft Corporation": 28
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Microsoft Corporation",
      "/CreationDate": "D:20230908092738-07\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled": "True",
      "/MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method": "Standard",
      "/MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
      "/ModDate": "D:20230908092738-07\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Subject": "FIPS Certification",
      "/Title": "Microsoft Security Policy",
      "pdf_file_size_bytes": 560007,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4545",
          "https://www.microsoft.com/en-us/howtotell/default.aspx",
          "http://creativecommons.org/licenses/by-nd-nc/1.0/",
          "https://www.microsoft.com/en-us/windows"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 25
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "a8b0d579b692abb5e50f433292091a95fb814abf50975ce8aba87056296b6370",
    "policy_txt_hash": "7ead3f200dbed4ff3e88bde20db6e5237267a69d9819681b4c1901d6e265f3c1"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode with module Windows OS Loader validated to FIPS 140-2 under Cert. #4545 operating in FIPS mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf",
    "date_sunset": "2026-09-21",
    "description": "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Design Assurance: Level 2"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {
      "4545": 1
    },
    "module_name": "Code Integrity",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "10.0.17763.10021 and 10.0.17763.10127",
    "tested_conf": [
      "Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R640 Server with an Intel Xeon Gold 6230",
      "Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R840 Server with an Intel Xeon Platinum 8260",
      "Windows Server 2019 Datacenter Core (x64) running on a Dell XR2 with an Intel Xeon Silver 4114",
      "Windows Server 2019 Datacenter Core (x64) running on a Rugged Mobile Appliance with an Intel Xeon D-1559 (single-user mode)"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-09-20",
        "lab": "LEIDOS CSTL",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Microsoft Corporation",
    "vendor_url": "http://www.microsoft.com"
  }
}