Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Security Explorer 9.9.2 - Deployment Guide

Table of Contents

Deployment overview and requirements

Overview Audience Cryptographic usage Background Prerequisites Installation and operation

Background

To execute in a FIPS compliant mode, a Windows environment requires the Microsoft Policy "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting enabled.

Microsoft states that "This policy is only advisory to applications. Therefore, if you enable the policy, it does not make sure that all applications will comply".

Security Explorer 9.9.2 leverages Microsoft's CryptoAPI (CAPI) and CryptoAPI Next Generation (CNG) for its cryptographic needs.

Microsoft Product Relationship with CNG and CAPI libraries is documented here: https://technet.microsoft.com/en-us/library/cc750357.aspx

"Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services.

Prerequisites

The following prerequisites are necessary to set up an environment for FIPS Mode.

•

Windows Server 2008 R2 or later (latest)

•

The following group policies must be enabled:

•

System Cryptography: Use FIPS compliance algorithms for encryption, hashing and signing. Ensure this policy is enabled.

•

Network Security: Configure encryption types allowed for Kerberos. Ensure the “AES128_HMAC_SHA1” and “AES256_HMAC_SHA1” values are selected.

Installation and operation

Installing Security Explorer 9.9.2 in a new environment automatically enforces all FIPS Mode requirements. No updates are required.

In order to ensure FIPS compliance in the environment, older components must be upgraded or uninstalled.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center