Deploy XProtect 2020 R3 in a
FIPS 140-2 compliant mode
Milestone XProtect® 2020 R3 meets the latest security requirements, allowing federal government agencies required to comply with FIPS 140-2, to operate XProtect in a FIPS compliant mode
About FIPS
FIPS & XProtect
FIPS toolbox
Device connections
About FIPS
FIPS stands for Federal Information Processing Standards. It is a set of standards that describe encryption algorithms and other information technology processes for use within non-military federal government agencies and by government contractors and vendors who work with these agencies across the United States and Canada.
FIPS is developed by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSE) in Canada.
Federal Information Processing Standards 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards.
FIPS 140-2 specifies what encryption modules are approved and prohibits agencies from using unapproved cryptography on sensitive data within the federal government.
All software solutions deployed in US government installations and in highly regulated industries such as healthcare and finance in North America are required to comply with this standard.
FIPS is developed by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSE) in Canada.
Federal Information Processing Standards 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards.
FIPS 140-2 specifies what encryption modules are approved and prohibits agencies from using unapproved cryptography on sensitive data within the federal government.
All software solutions deployed in US government installations and in highly regulated industries such as healthcare and finance in North America are required to comply with this standard.
FIPS & XProtect
To meet the needs of customers required to comply with FIPS 140-2, Milestone made all necessary developments in XProtect 2020 R3 that meet FIPS requirements. These developments include using only FIPS approved cryptography modules such as Microsoft’s Cryptography New Generation (CNG). Such developments allow users to operate XProtect 2020 R3 in a FIPS 140-2 compliant mode in Windows.
Users required to comply with FIPS must upgrade to XProtect 2020 R3
Users required to comply with FIPS must upgrade to XProtect 2020 R3
To configure XProtect 2020 R3 to operate in a FIPS 140-2 compliant mode, users must:
- Enable FIPS security policy in Windows OS
- Ensure third-party integrations can run on a FIPS enabled Windows OS
- Connect devices in a way that ensures a FIPS compliant mode of operation
- Ensure data in the media database is encrypted with FIPS approved encryption modules
FIPS toolbox
To configure XProtect 2020 R3 to operate in a FIPS 140-2 compliant mode, it is imperative to make sure that sensitive data is encrypted according to the standard. Milestone built a unique upgrade process for customers required to comply with FIPS 140-2.
Use our recommendations, best practices, and guidelines specified in the tools below to learn more about how to configure your XProtect video surveillance system to operate in a FIPS 140-2 compliant mode.
Use our recommendations, best practices, and guidelines specified in the tools below to learn more about how to configure your XProtect video surveillance system to operate in a FIPS 140-2 compliant mode.
System Hardening Guide
A comprehensive guide providing thorough information on FIPS 140-2 and a step by step manual to guide you through the upgrade process.
Solution Presentation
Designed to help you understand the requirements specified in FIPS 140-2 and provides a visual description of the required upgrade process.
Solution Brief
All you need to know about FIPS 140-2, its business impact, and how to operate XProtect in a FIPS compliant mode.Device connections
XProtect 2020 R3 can guarantee a FIPS 140-2 compliant mode of operation when communicating with devices if:
1.Only specified drivers are used to connect to the devices (see below)
2.Device pack version 11.1c (August 2020) or later is used
3.Connection to devices is over HTTPS or SRTP/ (RTSP over HTTPS), for the video stream
4.FIPS is enabled on Windows OS on the Recording Server machine
2.Device pack version 11.1c (August 2020) or later is used
3.Connection to devices is over HTTPS or SRTP/ (RTSP over HTTPS), for the video stream
4.FIPS is enabled on Windows OS on the Recording Server machine
- FIPS compliancy will not be enforced in systems that can’t adhere to the FIPS 140-2 device connectivity requirements so that device connectivity can be upheld. XProtect will not operate in a FIPS 140-2 compliant mode in this case.
- The driver modules can't guarantee FIPS 140-2 compliancy for a connection over HTTP or over HTTPS without support for TLS1.2.
- Drivers from the Legacy Driver Device pack can't guarantee a FIPS 140-2 compliant connection under any circumstance.
- The use of ONVIF or Universal Drivers that are not specified for a given device on the Milestone Supported Devices page, can lead to changes of functionality and additional license cost
COMPLIANT DEVICE DRIVERS
Device drivers that guarantee a FIPS 140-2 compliant mode of operation
Compliant device drivers
FIPS 140-2 compliant