FIPS Compliance

”An unexpected error has occured”

SharePoint is not at all friendly with FIPS. Recently I faced this issue at my customer's place. I have tried all possible ways to get my site running and I ended up with the below issue. 

“An exception occurred when trying to issue security token: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.


Checked the current status of FIPS.



I have never faced this issue in my development environment so far. I had to dig up and found what it really is. 

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.

 FIPS standards are issued to establish requirements for various purposes such as ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist.

 Solution

 SharePoint does not work with FIPS and this should be disabled.

 1. Start the Group Policy Object Editor tool (gpedit.msc).
2. In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then select Security Options.
3. In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
4. In the dialog box that opens, select Disabled and click OK.
5. Restart the computer.

 Cheers :)

Comments

  1. UnknownMarch 16, 2017 at 9:42 AM

    Hi Anoop,

    A question for you. As per the ODAA guidelines 4.8 , FIPS must be enabled on the Windows OS. Did your customer get an exemption ? At some point there will be DSS security inspection on the IS. I am on exactly on the same situation and I can't disable the FIPS since it is a requirement.

    Thanks

    ReplyDelete
    Replies
    1. Anoop AVApril 4, 2017 at 12:36 PM

      Dear Prab,

      Thank you for pointing out the guidelines. I have discussed with my client about the issue and requested for an approval for disabling FIPS. My client is having a dedicated Microsoft team and based on their policies, I got the approval. I am not sure about the internal security policies in this regard.

      I would like to know more about this and will be happy if you could give me more insight on this. Please reach me at anoopvgnr@gmail.com.

      Delete
  2. Anoop AVApril 4, 2017 at 12:38 PM

    Dear Team,

    Have anyone worked on Reverse Proxy for SharePoint?

    ReplyDelete

Post a Comment

Popular posts from this blog

SharePoint Hierarchy

Image
Understanding the SharePoint Hierarchy At the top of the hierarchy are  SharePoint Farms . This encompasses all the physical servers that comprise your SP installation. It may consist of one server or twenty. When you run the SharePoint Product Configuration wizard after installing, you either create a new server farm or connect to an existing one. It’s done once. Once you have your server farm you must set up a  web application . This is what creates a corresponding website in IIS to host the site. This is where it gets its application pool and other IIS properties. You can create multiple web applications on a server farm. Now you have a hollow web application but nothing else. Enter  site collections . It is simply a collection of SharePoint sites inside the web application. Here you define a top-level site. You can have multiple site collections. From your site collection you have a top-level  site  that will have  multiple sites  underneath it. This is
Read more

SharePoint 2013 Quick Access URL List

This list might come handy for SharePoint freaks in their day to day life.  Users and Permissions: People and Groups: _layouts/people.aspx> Site Collection Admins: _layouts/mngsiteadmin.aspx Advanced Permissions: _layouts/user.aspx Master Pages: _Layouts/ChangeSiteMasterPage.aspx Look and Feel: Title, Desc, and Icon: _layouts/prjsetng.aspx Navigation: _layouts/AreaNavigationSettings.aspx Page Layout and Ste Templates: _Layouts/AreaTemplateSettings.aspx Welcome Page: _Layouts/AreaWelcomePage.aspx Tree View: _layouts/navoptions.aspx Top Nav Bar: _layouts/topnav.aspx Site Theme: _layouts/themeweb.aspx Reset to Site Definition: _layouts/reghost.aspx Searchable Columns: _Layouts/NoCrawlSettings.aspx Site Content Types: _layouts/mngctype.aspx Galleries Site Columns: _layouts/mngfield.aspx Site Templates: _catalogs/wt/Forms
Read more