Terminal Services Encryption Level is not FIPS-140 Compliant

Nemalikonda P Chari 11 Reputation points
2020-10-21T14:16:26+00:00

Terminal Services Encryption Level is not FIPS-140 Compliant

Please suggest me fix for this vulnerability

Windows for business | Windows Server | User experience | Other
{count} vote

1 answer

Sort by: Most helpful
  1. Anonymous
    2020-10-22T03:07:49.723+00:00

    Hi,

    You can use group policy or registry key on the terminal server to set the Encryption Level.

    Group Policy:

    Computer Configuration\Windows Settings\Security Settings\Security Options - System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

    Registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Terminal Services]
    “MinEncryptionLevel” REG_DWORD set the value to 4
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp]
    “MinEncryptionLevel” REG_DWORD set the value to 4

    For your reference
    https://learn.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

    Thanks,
    Eleven

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.