Article ID: 2784079 - View products that this article applies to.
IntroductionFederal Information Processing Standard (FIPS) 140 – Security Requirements for Cryptographic Modules [FIPS 140] is a U.S. Federal government standard that defines a minimum set of security requirements for products that implement cryptography. The standard is designed for cryptographic modules that are used to help secure sensitive, but unclassified information.
FIPS 140-1, the original working version of the standard, became official on January 11, 1994 and was in effect until May 25, 2002, when FIPS 140-2 became the mandatory standard for new products. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the National Institute of Standards (NIST) and the Communications Security Establishment of Canada (CSEC).
Microsoft Windows has a long history of participation in the CVMP under FIPS 140-2.
Note For more information about the details of Microsoft’s participation in the program, refer to the Technical Article FIPS 140 Evaluation at http://technet.microsoft.com/en-us/library/cc750357.aspx
In most cases, the CMVP does not certify the whole application space, only the critical cryptographic service components. Therefore the specific modules that have successfully completed the testing program can claim to be “FIPS Certified”. All other higher layer applications that use these certified components can be said to be “FIPS compliant” or “Operating in FIPS mode” or “uses FIPS technology”.
Requirements for FIPS 140-2 Compliance with Microsoft Dynamics CRMSetting up a FIPS compliant operating environment requires running the following:
Windows ServerThe first step in configuring a FIPS 140-2 compliant operating environment is to configure the computer that is running Windows Server 2008 R2 SP1 x64 by enabling the FIPS security setting. To enable the Windows Server FIPS security setting either in the Local Security Policy or as part of Group Policy, follow these steps:
When the SQL Server 2008 service detects that FIPS mode is enabled at startup, SQL Server 2008 logs the following message in the SQL Server error log:
Additionally, the following message may be logged in the Application log:
To make sure that the server is running in FIPS compliant mode, locate and verify the existence of the first (and possibly the second) message.
Special Considerations for Deployments with Windows Network Load BalancingFor Microsoft Dynamics CRM 2011 deployments with Windows Network Load Balancing (NLB), compliancy with FIPS 140-2 requires that configuration change to the .Net machine config.xml file on the CRM Web Servers.
To ensure FIPS compliancy for Microsoft Dynamics CRM 2011 implementations leveraging NLB, follow these steps:
Add Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM Email\MSCRMFIPSCompliance = 1 (Dword) on Email Router server then install Email Router.
Microsoft Dynamics CRM client for Microsoft Office Outlook
Please see the following article:
Error message when you try to configure the Microsoft Dynamics CRM 4.0 client for Outlook: "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms"
If the Microsoft Dynamics CRM 2011 platform is configured by using the procedures here, Microsoft Dynamics CRM 2011 will exclusively use FIPS Certified algorithms and components for all covered cryptographic functions and will therefore be operating in FIPS 140-2 compliant mode.
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.