FIPS 140-2

[marchristensen]

My software vendor is requiring us to turn on FIPS 140-2 on all our Windows 2008 servers that run the application. Can we do this, one server at a time, while keeping the servers and the application up and running. Thanks.

 

[kmcferrin]

FIPS 140-2 is a standard for cryptographic modules. FIPS 140-2 modules can be used in many different ways. What do you mean by "turning it on"?

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator

 

[marchristensen]

Microsoft has a series of steps to configure a server so that configured to use a FIPS 140-2 cryptographic module. These instructions include enabling FIPS-compliant algorithms for encryption, hashing, and signing in the security options.

What I am asking, is can I leave all my applications and users up and running while I make the changes to the security options to enable the server to run under FIPS 140-2.

I hope that explains my question.

 

[kmcferrin]

I imagine that the answer will depend on what you are using the new module for. If you're just installing it but not using it to encrypt anything then I doubt it will be an issue. If you're using it for IPSEC communications then you may require a fallback mode to a less secure standard until all hosts can use the new standard. And so on...

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator

 

[marchristensen]

Thank you