Needs specifics - list the FIPS validation certificate numbers

[npherson]

Any customer with compliance requirements for FIPS encryption will have to demonstrate to an auditor that FIPS verified cryptographic modules are used. While this article lists 'Yes', it doesn't list the FIPS validation certificate number, and the Microsoft and NIST webpages listing all the certificates can't be mapped back to these features (like Office 365 Message Encryption).

Please update the FIPS validation column to include the specific certificate numbers used by that particular service.

Thanks!

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 7b0b9911-441e-68b7-e0dd-472f8e66b0ac
• Version Independent ID: 3760032b-5f82-b058-471f-97b4387d7bcc
• Content: Encryption Risks and Protections - Microsoft 365 Compliance
• Content Source: microsoft-365/compliance/office-365-encryption-risks-and-protections.md
• Service: o365-seccomp
• GitHub Login: @KCCross
• Microsoft Alias: krowley

[yogkumgit]

@KCCross Please help us in resolving this issue. Thanks

[KCCross]

Looking for the right internal owner for this.

[npherson]

Any luck finding an owner? I had 2 different internal escalation threads that have failed to get an answer. While we get that there are LOTs of encryption points in connecting to exchange and whatnot, my customer is specifically looking at the FIPS number for the encryption for the message itself that we are referring to by that column.

[yogkumgit]

@KCCross Please update. Thanks

[derekateam]

@KCCross Any update I have client going thru CJIS Audit and simply showing it in the product information will not suffice for the auditor. He needs the actual certificate numbers. @npherson Did you find any info on this ?