FIPS 140-2 Support

OSVBNET 1,391 Reputation points
2022-04-20T01:55:23.497+00:00

Hey,
Anyone knows if enabling FIPS 140-2 via this registry key is supported on which Windows versions? (minimum version / build number)
LocalMachine :: SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy :: Enabled
I wonder if there's official statement from MS :(
Thanks.

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Limitless Technology 39,926 Reputation points
    2022-04-25T07:46:20.427+00:00

    Hi Osvbnet,

    This isn't an official statement from Microsoft, but as far as I'm aware, WIndows 7 and above supports FIPS 140-2 via the registry key change you mention.

    Here are the official instructions:

    http://support.microsoft.com/kb/811833

    summarised as follows:

    1) Using an account that has administrative credentials, log on to the computer.
    2) Click Start, click Run, type gpedit.msc, and then press ENTER.
    3) In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings, and then double-click Security Settings.
    4) Under the Security Settings node, double-click Local Policies, and then click Security Options.
    5) In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
    6) In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled, and then click OK to close the dialog box.
    7) Close the Local Group Policy Editor.

    If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1

    Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.

    I hope this answers your question.


    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.