FIPS Compliance

The Federal Information Processing Standard 140-1 (FIPS 140-1) and its successor, FIPS 140-2, are United States Government standards that provide a benchmark for implementing cryptographic software. They specify best practices for implementing cryptographic algorithms, handling key material and data buffers, and working with the operating system. In Windows 2000, Windows Server 2003, and Windows XP, both IPSec and the Encrypting File System (EFS) use the FIPS 140-1 evaluated Kernel Mode Cryptographic Module to encrypt traffic packet data and file contents, respectively, provided they are configured to use FIPS-compliant algorithms.

The FIPS-compliant kernel-mode cryptographic module lets organizations deploy FIPS 140-1-compliant Internet Protocol Security (IPSec) implementations using:

  • L2TP (Layer Two Tunneling Protocol)/IPSec VPN client and server.

  • L2TP/IPSec tunnels for gateway-to-gateway VPN connections.

  • IPSec tunnels for gateway-to-gateway VPN connections.

  • IPSec-encrypted, end-to-end network traffic between client and server, and from server to server.

You can use FIPS 140-1-compliant security by configuring IPSec through Global Policy. For more information about using IPSec, see the "IP Security (IPSec)" section in this guide. For more information about Global Policy, see the Windows documentation.

You can also use FIPS-compliant algorithms by enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting in Global Policy or Local Policy.