Enable FIPS 140-2 mode with storage zones controller configuration
Before applying the following configuration for ShareFile, validate that the FIPS mode is enabled on Windows Server. To do so:
- Launch the registry editor (regedit).
- Browse to the path:
- Check for the registry value UseFIPSCompliantAPI.
- If the value data (DWORD) is 1, FIPS compliant mode is enabled.
If FIPS compliant mode is not enabled, use the following to enable FIPS compliant mode:
- Log on to Windows as a Windows system administrator.
- Click Start, click Control Panel, and then click Administrative Tools.
You might have to switch to large icons for the next step.
- Click Local Security Policy. The Local Security Settings window appears.
- In the navigation pane, click Local Policies and then click Security Options.
- In the pane on the right, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
Enabling the preceding setting might affect all applications on the machine.
- In the dialog box that appears, click Enabled, click Apply, and then click OK.
- Close the Local Security Settings window.
For more information, see this Microsoft Support article.
By default, storage zones controller can use cryptography modules that are not compliant with FIPS 140-2 standard. After installing storage zones controller and before running ConfigService: Customers must add the following code example to turn on FIPS 140-2 compliance in their controller.
<appSettings> <add key="fipsOnly" value="1" /> </appSettings>
Add the preceding code sample as a child of the
<configuration> element at the end of the following file:
Next, reset IIS and restart all ShareFile services. Alternatively, restart your machine.
Information Resource Management (IRM) is not supported.