FIPS 140-1 Validation for Cryptographic Service Providers

ID: Q237849


The information in this article applies to:
  • Microsoft Windows NT Server version 4.0 SP5
  • Microsoft Windows NT Workstation version 4.0 SP5
  • Microsoft Windows NT Server, Enterprise Edition version 4.0 SP5


SYMPTOMS

Microsoft Cryptography Service Providers (CSPs) do not retain Federal Information Processing Standard (FPIS) 140-1 validations.


RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT. For additional information, please see the following article in the Microsoft Knowledge Base:

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article. This problem was first corrected in Windows NT 4.0 Service Pack 6.


MORE INFORMATION

FPIS is a U.S. Government standard that provides a benchmark for implementing cryptographic software. It specifies the best practices for implementing cryptoalgorithms, handling key material and data buffers, and working with the operating system. Software vendors submit their products to an evaluation process to demonstrate their implementation of this standard. Other governmental and prominent financial institutions are also beginning to require the FPIS 140-1 validation.

The following four CSPs are updated in Windows NT 4.0 Service Pack 6:

  • Rsabase.dll: Microsoft Base RSA Cryptographic Provider


  • Rsaenh.dll: Microsoft Enhanced RSA Cryptographic Provider


  • Dssbase.dll: Microsoft Base DSS/Diffie-Hellman Cryptographic Provider


  • Dssenh.dll: Microsoft Enhanced DSS/Diffie-Hellman Cryptographic Provider


The FIPS 140-1 entries of the four CSPs can be seen on http://csrc.nist.gov/cryptval/140-1/1401val.htm.

The FIPS process requires vendors of FIPS 140-1 validated CSPs to publish the associated security policy documentation. The security policies for the four Microsoft FIPS 140-1 valiated CSPs can be found at http://www.microsoft.com/security/Issues/FIPS140-1Evaluation.asp.

For the latest information about security issues related to Microsoft products, including the FIPS 140-1 validation, please visit the following Microsoft Web site:
http://www.microsoft.com/security/

Additional query words: CryptoAPI

Keywords : kbpolicy ntsecurity ntsp kbbug4.00 kbfix4.00 NT4SP6Fix
Version : winnt:4.0 SP5
Platform : winnt
Issue type : kbbug


Last Reviewed: November 24, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.