Easy Tune and FIPS

What is FIPS

FIPS is an acronym for Federal Information Processing Standards, a collection of standards and requirements for use in American governmental agencies. They are designed to ensure a level of security and interoperability. Whilst these are usually only requirements for governmental organisations, many of the security-focused standards make their way into computer security recommendations (such as the Microsoft Security Baselines and the Center for Internet Security Benchmarks).

FIPS 140

The FIPS 140 series of standards focuses on coordinating cryptographic requirements. In a hardened Windows Server environment this often boils down to the 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' group policy object.

A quick way to check whether this policy is in effect is to call Get-FileHash with the MD5 algorithm in PowerShell:

Get-FileHash -Path ./ -Algorithm MD5

With the policy enabled, this produces an exception similar to the following:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

In version 1 of Easy Tune, the MD5 algorithm was used as part of our override validation processes. Version 2 uses the SHA1 algorithm instead, and the release was tested with the 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' group policy object enabled.
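
A scripted form of the MD5 check described above, as an added example that is not part of Easy Tune or the original page: it reads the registry value the policy sets, asks .NET whether it is enforcing FIPS, and probes MD5, SHA1 and SHA256 on constructed in-memory bytes. The function name Test-FipsPolicy is hypothetical, and the example assumes Windows PowerShell 5.1.

```powershell
# Added example; Test-FipsPolicy is a hypothetical helper name.
# Assumes Windows PowerShell 5.1 (.NET Framework).
function Test-FipsPolicy {
    [CmdletBinding()]
    param()

    # 1. Registry value behind the 'Use FIPS compliant algorithms' policy.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $reg = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    $registryEnabled = ($null -ne $reg) -and ($reg.Enabled -eq 1)

    # 2. Whether the .NET runtime in this process is enforcing the policy.
    $dotNetEnforced = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

    # 3. Functional probe on constructed in-memory bytes, so no file is needed.
    $sample = [System.Text.Encoding]::UTF8.GetBytes('constructed sample input')
    $probe = foreach ($name in 'MD5', 'SHA1', 'SHA256') {
        $hasher = $null
        try {
            $hasher = New-Object "System.Security.Cryptography.${name}CryptoServiceProvider"
            $null = $hasher.ComputeHash($sample)
            [pscustomobject]@{ Algorithm = $name; Usable = $true; Error = $null }
        }
        catch {
            # New-Object wraps the constructor failure; report the root cause.
            [pscustomobject]@{
                Algorithm = $name
                Usable    = $false
                Error     = $_.Exception.GetBaseException().Message
            }
        }
        finally {
            if ($null -ne $hasher) { $hasher.Dispose() }
        }
    }

    [pscustomobject]@{
        RegistryEnabled = $registryEnabled
        DotNetEnforced  = $dotNetEnforced
        Algorithms      = $probe
    }
}

$result = Test-FipsPolicy
$result | Select-Object RegistryEnabled, DotNetEnforced
$result.Algorithms | Format-Table -AutoSize
```

On a host with the policy enabled, the MD5 row is expected to show Usable as False with the exception text quoted above, while SHA1 and SHA256 remain usable.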