DELTRA Orgamax vs. FIPS Compliance

Conditions

    • Operating system: Windows 10 version 2004
    • Patch level: Latest patches installed, as of 16.12.2020
    • Hardening configuration: Windows 10 hardened according to MS Security
    • Baselines, CIS and DISA. FIPS compliance is also configured
    • Deltra OrgaMax version: 21.00.01.001

Problem

Orgamax is simply terminated shortly after starting. An entry in the Windows event log indicates that an algorithm that is no longer recommended is being used.

Assumption

Rjiandael as an algorithm is deactivated in the “FIPS compliance” configuration and the use of the algorithm is prevented.

However, Orgamax apparently uses this algorithm for various (internal) encryption routines.

Solution approach

Overview

Ideally, the manufacturer should update its product to use state-of-the-art algorithms. However, as long as this is not the case, one of the following options will help.

Option 1: Disable FIPS compliance

In the “Local Security Policies”, the option “System cryptography: Use FIPS compliant settings for encryption, hashing and signing” is deactivated.

Links / References

    • Disabling FIPS Complaint Encryption on Windows – Knowledge Base on CivilGEO
    • Why we no longer recommend “FIPS mode” – Microsoft Tech Community
    • Why you should not enable “FIPS compliant” encryption on Windows (howtogeek.com)

Leave a Reply