Porting an existing Framework application to Core in which we had long since replaced System.Security.Cryptography.SHA256 and System.Security.Cryptography.SHA256Managed with the System.Security.Cryptography.SHA256Cng. Is there a .net core equivalent of these *Cng types? If not does are the same security issues present in core that were present in Framework?
No, since .NET 5 there aren't any differences any more. All these classes are now wrappers for the corresponding FIPS certified OS implementation. If there isn't any FIPS certified library installed for the current OS, a fallback library is choosen, even if it's not certified. Lastly a "Managed" implementation (purely C#) is choosen when available. If managed is also not available then an exception will be thrown.
A full explanation can be seen here. Update: Fixed link