FIPS 140: Security Requirements for Cryptographic Modules

b6109218-a32b-479a-8465-055340a1759c

FIPS mode must be enabled at the Windows OS level to comply with FIPS 140-2. This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.

Remediation

Enable FIPS 140-2 Mode in Windows by GPO or Registry.

GPO:
Computer Configuration
|_ Windows Settings
   |_ Security Settings
      |_ Local Policies
         |_ Security Options
            |_ System cryptography: Use FIPS compliant... -> Set to Enabled

Registry:
Set HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\
Enabled -> Set to 1.
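
The registry remediation above, scripted as an audit-then-fix check. This is an added example, not part of the original finding; the function names Get-FipsPolicyState and Set-FipsPolicyEnabled are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: audit and remediate the FIPS policy registry value.
# Key path and value name are the ones given in the Registry step above.
$FipsKey  = 'HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$FipsName = 'Enabled'

function Get-FipsPolicyState {
    # Returns the current value as an integer, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $FipsKey -Name $FipsName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$FipsName
}

function Set-FipsPolicyEnabled {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $before = Get-FipsPolicyState
    if ($before -eq 1) {
        Write-Output "Compliant: $FipsName is already 1."
        return
    }

    if ($PSCmdlet.ShouldProcess("$FipsKey\$FipsName", 'Set DWORD to 1')) {
        # Create the key if it is missing, then write the value as a DWORD.
        if (-not (Test-Path $FipsKey)) { New-Item -Path $FipsKey -Force | Out-Null }
        New-ItemProperty -Path $FipsKey -Name $FipsName -Value 1 `
            -PropertyType DWord -Force | Out-Null

        # Read the value back so a failed or redirected write is not reported as fixed.
        $after = Get-FipsPolicyState
        if ($after -ne 1) { throw "Write did not take effect (read back '$after')." }
        Write-Output "Remediated: $FipsName changed from '$before' to 1."
    }
}

# Dry run first; remove -WhatIf to apply the change.
Set-FipsPolicyEnabled -WhatIf
```

On domain-joined hosts, a GPO that configures this security option rewrites the same value at policy refresh, so set it in the GPO rather than relying on a local registry change.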

GPO: https://medium.com/@asifhameedkhan/enabling-fips-140-2-on-windows-10-520673c030a9
Registry: https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/certifications/enable-and-verify-fips-cc-mode/enable-fips-cc-mode-using-the-windows-registry.html

NIST 800-171: 3.13.7, 3.13.8, 3.13.11