diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1
index 1ac9b1154be6..cdca556c0765 100644
--- a/src/KeyVault/KeyVault/Az.KeyVault.psd1
+++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1
@@ -58,7 +58,7 @@ RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '5.3.1'; })
# Assemblies that must be loaded prior to importing this module
RequiredAssemblies = 'Azure.Security.KeyVault.Administration.dll',
'Azure.Security.KeyVault.Certificates.dll',
- 'Azure.Security.KeyVault.Keys.dll', 'BouncyCastle.Crypto.dll',
+ 'Azure.Security.KeyVault.Keys.dll',
'KeyVault.Autorest/bin/Az.KeyVault.private.dll',
'Microsoft.Azure.KeyVault.dll',
'Microsoft.Azure.KeyVault.WebKey.dll',
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
index 4abf88077b51..224f7bc6d940 100644
--- a/src/KeyVault/KeyVault/ChangeLog.md
+++ b/src/KeyVault/KeyVault/ChangeLog.md
@@ -18,6 +18,8 @@
- Additional information about change #1
-->
## Upcoming Release
+* Updated security domain PEM key handling to use built-in .NET cryptography instead of Portable.BouncyCastle
+ - Maintains support for standard PKCS#1 and PKCS#8 keys while resolving the CodeQL cs/use-approved-crypto-library finding
## Version 6.4.1
* Updated Azure.Core from 1.45.0 to 1.47.3
diff --git a/src/KeyVault/KeyVault/KeyVault.csproj b/src/KeyVault/KeyVault/KeyVault.csproj
index dd2fa52e82f1..3335ec3f91f7 100644
--- a/src/KeyVault/KeyVault/KeyVault.csproj
+++ b/src/KeyVault/KeyVault/KeyVault.csproj
@@ -15,7 +15,6 @@
-
diff --git a/src/KeyVault/KeyVault/SecurityDomain/Models/CertKey.cs b/src/KeyVault/KeyVault/SecurityDomain/Models/CertKey.cs
index 6fff1d5ab6bc..8a178f7e5431 100644
--- a/src/KeyVault/KeyVault/SecurityDomain/Models/CertKey.cs
+++ b/src/KeyVault/KeyVault/SecurityDomain/Models/CertKey.cs
@@ -1,6 +1,4 @@
using Microsoft.Azure.Commands.KeyVault.SecurityDomain.Common;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.OpenSsl;
using System;
using System.IO;
using System.Runtime.InteropServices;
@@ -51,61 +49,25 @@ public void Load(KeyPath path)
static RSAParameters RsaParamsFromPem(string path, string password)
{
- using (var stream = File.OpenText(path))
- {
- var reader = string.IsNullOrEmpty(password) ? new PemReader(stream) : new PemReader(stream, new PasswordFinder(password));
- var keyParameters = reader.ReadObject() as RsaPrivateCrtKeyParameters;
+ string pem = File.ReadAllText(path);
- return ToRSAParameters(keyParameters);
- }
- }
-
- static RSAParameters ToRSAParameters(RsaPrivateCrtKeyParameters privKey)
- {
- RSAParameters rp = new RSAParameters
+ using (RSA rsa = RSA.Create())
{
- Modulus = privKey.Modulus.ToByteArrayUnsigned(),
- Exponent = privKey.PublicExponent.ToByteArrayUnsigned(),
- P = privKey.P.ToByteArrayUnsigned(),
- Q = privKey.Q.ToByteArrayUnsigned()
- };
- rp.D = ConvertRSAParametersField(privKey.Exponent, rp.Modulus.Length);
- rp.DP = ConvertRSAParametersField(privKey.DP, rp.P.Length);
- rp.DQ = ConvertRSAParametersField(privKey.DQ, rp.Q.Length);
- rp.InverseQ = ConvertRSAParametersField(privKey.QInv, rp.Q.Length);
- return rp;
- }
-
-
- static byte[] ConvertRSAParametersField(Org.BouncyCastle.Math.BigInteger n, int size)
- {
- byte[] bs = n.ToByteArrayUnsigned();
- if (bs.Length == size)
- return bs;
- if (bs.Length > size)
- throw new ArgumentException("Specified size too small", "size");
- byte[] padded = new byte[size];
- Array.Copy(bs, 0, padded, size - bs.Length, bs.Length);
- return padded;
+ if (string.IsNullOrEmpty(password))
+ {
+ rsa.ImportFromPem(pem);
+ }
+ else
+ {
+ rsa.ImportFromEncryptedPem(pem, password);
+ }
+
+ return rsa.ExportParameters(true);
+ }
}
X509Certificate2 _cert;
RSA _key;
byte[] _thumbprint;
-
- private class PasswordFinder : IPasswordFinder
- {
- private readonly string _password;
-
- public PasswordFinder(string password)
- {
- _password = password;
- }
-
- public char[] GetPassword()
- {
- return _password.ToCharArray();
- }
- }
}
}
\ No newline at end of file
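Review bot: `rsa.ImportFromEncryptedPem` accepts only the PKCS#8 `ENCRYPTED PRIVATE KEY` label, so a password-protected key in the legacy OpenSSL form (`RSA PRIVATE KEY` with `Proc-Type`/`DEK-Info` headers), which the removed `PemReader` + `PasswordFinder` path could read, will now throw from the `else` branch of `RsaParamsFromPem`; if such security-domain keys exist in the field this is a regression that the changelog's "maintains support for PKCS#1" wording does not cover. The branch is also selected by whether a password was supplied rather than by what the PEM contains, so a caller who passes a password for an unencrypted PEM goes from working to failing; keying on the label instead, `bool encrypted = pem.Contains("-----BEGIN ENCRYPTED PRIVATE KEY-----", StringComparison.Ordinal);` followed by `if (encrypted) rsa.ImportFromEncryptedPem(pem, password); else rsa.ImportFromPem(pem);`, keeps that tolerance. `ImportFromPem`/`ImportFromEncryptedPem` were introduced with .NET 5, and the csproj hunk on this page is truncated, so whether every target framework of this project provides them cannot be confirmed from here. A doc comment on `RsaParamsFromPem` should record the accepted inputs, e.g. `/// Loads an RSA private key from a PEM file: unencrypted PKCS#1 or PKCS#8, or PKCS#8 ENCRYPTED PRIVATE KEY when <paramref name="password"/> is given; legacy OpenSSL-encrypted PKCS#1 is not supported.`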
diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs
index e81f51db9a9d..ffdacc3da148 100644
--- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs
+++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs
@@ -2,7 +2,6 @@
using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
using Microsoft.Azure.Commands.KeyVault.Models;
using Microsoft.Azure.KeyVault.Models;
-using Org.BouncyCastle.X509;
using System;
using System.Collections;