Microsoft no longer recommends "FIPS mode" - Enterprise DT (2024)

FAQs

Why are we not recommending FIPS mode anymore Microsoft? ›

There's multiple reasons, but one is that the . NET framework that most Microsoft applications are coded in supplies both FIPS and non-FIPS versions of the same cryptographic algorithms. The non-FIPS versions have been available much longer (and so are used more widely) and are usually much faster.

You shouldn't enable this setting unless you're using a government computer and are forced to. If you do enable this setting, some consumer applications may actually ask you to disable FIPS mode so they can function properly.

FIPS 140-2 test reports that remain in the CMVP queue will still be granted validations after that date, but all FIPS 140-2 validations will be moved to the Historical List on September 21, 2026 regardless of their actual final validation date.

Who needs to be FIPS compliant? The main organizations that are required to be FIPS 140-2 compliant are federal government organizations that either collect, store, share, transfer, or disseminate sensitive data, such as Personally Identifiable Information.

FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within U.S. non-military government agencies and by U.S. government contractors and vendors who work with the agencies.

The Federal Information Processing Standard (FIPS) Publication 140 is a U.S. government standard that defines the minimum-security requirements for cryptographic modules in IT products. This topic introduces FIPS 140 validation for the Windows cryptographic modules.

What are the restrictions of FIPS mode? ›

To achieve FIPS 140-2 validation or certification, all components of a security solution, including both hardware and software, must undergo testing and approval by one of the NIST-accredited independent laboratories.

Disable the FIPS mode on Windows

If FIPS is enabled, Windows can only use FIPS-validated encryption and advises all applications to do so as well. Other encryption schemes are blocked, even if they are newer, faster, and more secure. Because of this, disabling the FIPS mode will not cause any security issues.

Definitions: A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST, a part of the U.S. Department of Commerce.

Third-Party Evaluation. FIPS compliance relies on self-declaration by the organization responsible for the product, whereas FIPS validation involves a third-party evaluation by a NIST-accredited laboratory.

"FIPS mode" doesn't make Windows more secure. It just blocks access to newer cryptography schemes that haven't been FIPS-validated. That means it won't be able to use new encryption schemes, or faster ways of using the same encryption schemes.

As of April 1, 2022, FIPS PUB 140-3 Security Requirements for Cryptographic Modules supersedes FIPS 140-2 for new submissions. Products certified to FIPS 140-2 can remain valid for 5 years after validation.

Cryptographic capabilities are employed to protect the confidentiality, integrity, and availability of data within Office 365. The modules and ciphers used are Federal Information Processing Standards (FIPS 140-2) validated.