Chat now with support
Chat with Support

Security Explorer 9.9.2 - Deployment Guide

Background

To execute in a FIPS compliant mode, a Windows environment requires the Microsoft Policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting enabled.

Microsoft states that "This policy is only advisory to applications. Therefore, if you enable the policy, it does not make sure that all applications will comply".

Security Explorer 9.9.2 leverages Microsoft's CryptoAPI (CAPI) and CryptoAPI Next Generation (CNG) for its cryptographic needs.

Microsoft Product Relationship with CNG and CAPI libraries is documented here: https://technet.microsoft.com/en-us/library/cc750357.aspx

"Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services.

Prerequisites

The following prerequisites are necessary to set up an environment for FIPS Mode.

Installation and operation

Installing Security Explorer 9.9.2 in a new environment automatically enforces all FIPS Mode requirements. No updates are required.

In order to ensure FIPS compliance in the environment, older components must be upgraded or uninstalled.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating