The common term “FIPS mode” is used in this document and Security Policy documents. When a cryptographic module contains both FIPS-approved and non-FIPS approved security methods, it must have a "FIPS mode of operation" to ensure only FIPS-approved security methods may be used. When this policy is set, the validated cryptographic modules in Windows will also operate in a FIPS-approved mode. Note – There is no enforcement of the FIPS policy by the operating system or the validated cryptographic modules. The current standard defines four-levels of increasing security, 1 through 4. Most software products (including all Microsoft products) are tested against the Level 1 security requirements. If you've already submitted a request, we'll close that request and take a look at this one. This document is primarily focused on providing information for three parties: Procurement Officer – Responsible for verifying that Microsoft products (or even third-party applications) are either FIPS 140 validated or utilize a Microsoft FIPS 140 validated cryptographic module.
Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services. This document is broken into seven major sections: FIPS 140 Overview – Provides an overview of the FIPS 140 standard as well as provides some historical information about the standard. Microsoft Product Validation (Information for Procurement Officers and Auditors) – Provides information on how Microsoft products are FIPS 140 validated. We'll send an email to to let you know if you've provided enough information to recover your account.It usually takes us about 24 hours to review the information submitted.