It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data.
CryptoAPI works with a number of CSPs (Cryptographic Service Providers) installed on the machine.
CSPs are the modules that do the actual work of encoding and decoding data by performing the cryptographic functions.
CNG also supports elliptic curve cryptography which, because it uses shorter keys for the same expected level of security, is more efficient than RSA.
CNG also replaces the default PRNG with CTR_DRBG using AES as the block cipher, because the earlier RNG which is defined in the now superseded FIPS 186-2 is based on either DES or SHA-1, both which have been broken.