Enable FIPS Compliant Encryption on Windows

Exago is FIPS (Federal Information Processing Standard) 140-2 compliant. FIPS is a United States and Canadian government standard which defines a minimum set of security requirements for cryptographic systems. This standard is designed for products to secure sensitive but unclassified information.

Exago is compliant with FIPS Level 2 (140-2) which is the current active version of the standard. Before enabling FIPS, please be aware that you may lose access to certain websites which use SSL 1.0 via Internet Explorer. For more details, see the following Microsoft support topics:

• “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” security setting effects in Windows XP and in later versions of Windows
• PRB: Cannot visit SSL sites after you enable FIPS compliant cryptography

Enabling FIPS

FIPS compliant encryption on Windows can be enabled using a local group policy setting or by editing a registry key.

Group Policy

Log in with an account that has administrative credentials. To open the Group Policy editor, press Start, press Run, type gpedit.msc, and press Enter.

Navigate to the following setting:

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

In the Details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.

Select Enabled, and press OK or Apply. Then restart the web server.

Windows Registry

Log in with an account that has administrative credentials. To open the Registry editor, press Start, press Run, type regedit, and press Enter.

Navigate to the following key:

HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaFipsAlgorithmPolicy

Double-click on Enabled.

Enter 1 in Value data, then press OK. Then restart the web server.