5056 A cryptographic self-test was performed
Written when a cryptographic module self-test is performed. It is an informational event indicating a health check of cryptographic functionality.
Overview
The event belongs to the Audit System Integrity subcategory. It is generated when a Windows cryptographic module (CNG, etc.) runs a prescribed self-test that verifies algorithm correctness. Such self-tests are part of validation processes such as FIPS compliance.
How it is triggered
- A self-test is performed at cryptographic module initialization or at prescribed times.
Security review points
- It is normally a benign informational event with low standalone security value. Its main use is to confirm that self-test failures (related events 5057/5060) are not appearing.
- A cryptographic module fault can indicate tampering or corruption, so monitor this event together with the failure events.
Notes for log review
- The event is informational. Do not assess cryptographic health from it alone; read it together with crypto operation failure 5057 and verification failure 5060.
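
One way to carry out the combined review described above, as an added example that is not part of the original page: it groups exported Security events by host and flags hosts where 5057 or 5060 appear, noting failures that closely follow a 5056 self-test. The record keys (`host`, `id`, `time`), the 5-minute window and the status labels are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SELF_TEST = 5056          # the event this page describes
FAILURES = {5057, 5060}   # related failure events named on this page

# Constructed sample records (not real logs). The keys "host", "id" and "time"
# are an assumed export shape, not the Security log's own field names.
SAMPLE = [
    {"host": "srv-a", "id": 5056, "time": "2024-05-01T08:00:00"},
    {"host": "srv-a", "id": 5056, "time": "2024-05-02T08:00:00"},
    {"host": "srv-b", "id": 5056, "time": "2024-05-01T08:00:05"},
    {"host": "srv-b", "id": 5057, "time": "2024-05-01T08:00:09"},
    {"host": "srv-b", "id": 5060, "time": "2024-05-01T13:30:00"},
    {"host": "srv-c", "id": 5057, "time": "2024-05-01T09:00:00"},
    {"host": "srv-a", "id": 4624, "time": "2024-05-01T08:01:00"},  # unrelated
]

def crypto_health(events, window=timedelta(minutes=5)):
    """Per host: count 5056 self-tests, list 5057/5060 failures, and mark
    failures that fall within `window` after a self-test (assumed heuristic)."""
    tests, fails = defaultdict(list), defaultdict(list)
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == SELF_TEST:
            tests[ev["host"]].append(when)
        elif ev["id"] in FAILURES:
            fails[ev["host"]].append((when, ev["id"]))
    report = {}
    for host in sorted(set(tests) | set(fails)):
        near = [(w, e) for w, e in sorted(fails[host])
                if any(timedelta(0) <= w - t <= window for t in tests[host])]
        if not fails[host]:
            status = "ok"            # self-tests seen, no related failures
        elif near:
            status = "investigate"   # failure shortly after a self-test
        else:
            status = "review"        # failures present, not near a self-test
        report[host] = {
            "self_tests": len(tests[host]),
            "failures": sorted(e for _, e in fails[host]),
            "near_self_test": [e for _, e in near],
            "status": status,
        }
    return report

if __name__ == "__main__":
    print(crypto_health(SAMPLE))
```

A host that reports only 5056 comes back as `ok`; a host with 5057 or 5060 but no 5056 in the reviewed period still surfaces as `review`, so failures are not hidden by a missing self-test record.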
Key fields
| Field | Meaning |
|---|---|
| Module/algorithm | The test target |