Product Documentation

Enable FIPS 140-2 mode with StorageZones Controller Configuration

Nov 09, 2017

Before applying the following configuration for ShareFile, validate that the FIPS mode is enabled on Windows Server. To do so: 

  1. Launch the registry editor (regedit).
  2. Browse to the path: HKEY_LOCAL_MACHINE\SOFTWARE\PowerShell\Server\16
  3. Check for the registry value UseFIPSCompliantAPI.
  4. If the value data (DWORD) is 1, FIPS compliant mode is enabled.

If FIPS compliant mode is not enabled, use the following to enable FIPS compliant mode:

  1. Log on to Windows as a Windows system administrator.
  2. Click Start, click Control Panel and then click Administrative Tools. Note: You may have to switch to large Icons for the next step.
  3. Click Local Security Policy. The Local Security Settings window appears.
  4. In the navigation pane, click Local Policies and then click Security Options.
  5. In the pane on the right, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
    Note: Enabling the preceding setting may affect all applications on the machine.
  6. In the dialog box that appears, click Enabled, click Apply and then click OK.
  7. Close the Local Security Settings window.

For more information, see this Microsoft Support article

By default, StorageZones Controller may use cryptography modules that are not compliant with FIPS 140-2 standard. After installing StorageZones Controller and before running ConfigService: Customers must add the following code example to turn on FIPS 140-2 compliance in their Controller.

Code Copy

<appSettings>
<add key="fipsOnly" value="1" />
</appSettings>

Add the preceding code sample as a child of the <configuration> element at the end of the following file:

C:\Windows\Microsoft.NET\Framework\v4.0.x\Config\machine.config

Next, reset IIS and restart all ShareFile services. Alternatively, restart your machine.

Note

Information Resource Management (IRM) is not supported.