Enabling FIPS Compliance for Blueprint Reports

Blog Post created by rvitek on Oct 24, 2017

What is FIPS Compliance?

FIPS (Federal Information Processing Standards) is a standard that dictates cryptographic implementation and is used primarily in U.S. government-based computing environments. When Microsoft Windows is configured to be FIPS compliant, it forces the operating system, and the applications running on it, to only use approved cipher methods. For example, when FIPS is enabled, the operating system will not send, or accept, SSL 2.0 or 3.0 ciphers. Instead, it will only allow TLS 1.0 at the very least. Please note that enabling FIPS compliance in Microsoft Windows does not make your computing environment more secure. Rather, it simply more rigorously enforces the cryptographic approach of the server and the subsequent client environment...and has the potential for breaking some applications' operation.


I'm Not the U.S. Government; Why Do I Care?

Support for Windows servers only offering the TLS 1.2 cipher began with Service Pack 3 for Pharos Blueprint Enterprise 5.2. If the Windows server infrastructure hosting Blueprint Enterprise is being hardened to support TLS 1.2 as the only cipher available, then you must configure Windows for FIPS compliance if you wish to view the built-in Blueprint Reports. This configuration is necessary due to the SAP Crystal Reports integration within Blueprint Reports. This configuration is not required if you are allowing lower-versioned ciphers in the Windows environment.


Configuring Windows for FIPS

To enable FIPS you must set the following registry key to a value of 1:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy] "Enabled"=dword:00000001


For more information please see the following from Microsoft: