Question

I'm looking to set up MOSS 2007 (unfortunately we can't use 2010) in a FIPS-compliant way. We will be using Server 2008 (or R2) in FIPS compliance mode and will be using SQL 2008 with TDE and FIPS-Compliance.

I've tried to read around on the subject but haven't found much.

This post on Egghead cafe seems to suggest that I need to do the following:

  • Install MOSS 2007
  • Install all updates, patches, etc. to ensure the latest version (which includes FIPS cryptography)
  • Update the machineKey setting to use the 3DES algorithm.
  • Create the SharePoint site.

Is there more to it than this, or any pitfalls I might need to avoid? I am relatively new to SharePoint installations and am trying to beef up a little bit before jumping in.

Thanks in advance for any help you can give! I love the StackExchange network sites and hope SharePoint Overflow can once again help enlighten me :)

All the best, Sean


Solution

You can do this for new or existing deployments.

Ensure you have Windows FIPS settings configured either through GP or Reg.

Update config files with this line:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

Force a policy update and restart IIS.

SharePoint will work in a FIPS compliant configuration without WorkFlows.

Windows Workflow Foundation doesn't support 3DES encryption and so workflows will error out. http://support.microsoft.com/kb/2000371
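One way to check that every web.config in the farm carries the machineKey setting from the answer above, as an added example that is not part of the original answer. It runs over copies of the config files; the file names and sample contents are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Values taken from the machineKey line in the answer above.
REQUIRED = {"validation": "3DES", "decryption": "3DES"}

def audit_machine_key(config_xml):
    """Return findings for one web.config; an empty list means it matches."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return ["unparseable config: %s" % exc]
    # <machineKey> sits under <system.web>, at top level or inside <location>.
    keys = [k for sw in root.iter("system.web") for k in sw.findall("machineKey")]
    if not keys:
        return ["no <machineKey>: value is inherited, not set in this file"]
    findings = []
    for key in keys:
        for attr, wanted in sorted(REQUIRED.items()):
            actual = key.get(attr)
            if actual != wanted:
                findings.append("%s=%r, expected %r" % (attr, actual, wanted))
    return findings

def audit_all(configs):
    """Map each config name to its findings, keeping only files that need work."""
    results = {name: audit_machine_key(xml) for name, xml in configs.items()}
    return {name: f for name, f in results.items() if f}

# Constructed sample inputs (not taken from a real farm).
SAMPLES = {
    "webapp80/web.config": '<configuration><system.web><machineKey '
        'validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" '
        'validation="3DES" decryption="3DES"/></system.web></configuration>',
    "centraladmin/web.config": '<configuration><system.web><machineKey '
        'validation="SHA1" decryption="AES"/></system.web></configuration>',
    "webapp8080/web.config": '<configuration><system.web/></configuration>',
    "broken/web.config": '<configuration><system.web>',
}

if __name__ == "__main__":
    for name, findings in sorted(audit_all(SAMPLES).items()):
        print(name, "->", "; ".join(findings))
```

A file with no machineKey element is reported rather than passed, because its effective setting comes from a parent config and has to be checked there.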

Licensed under: CC-BY-SA with attribution