Add Support for FIPS so that Episerver Can Run on Government Servers

Vote:
 

Many government agencies are required by law to enable FIPS mode on their servers. However, it is not currently possible to run Episerver with FIPS mode enabled.

Episerver Support has identified two bugs where MD5 encryption is being used, and fixing these may address the FIPS concern, but because FIPS is not officially supported, no testing is being performed to ensure its requirements are met.

This is not a good experience for government agencies that find out after purchasing Episerver that they can't use it, which is the situation in which we unfortunately found ourselves.

It doesn't help that the Episerver Compliance page includes a link to Microsoft's FIPS validation compliance, leading users to believe that Episerver is compliant as well.

#197143
Sep 24, 2018 16:33
Vote:
 

This feature request was addressed in https://nuget.episerver.com/package/?id=EPiServer.CMS.UI.Core&v=11.9.1

CMS is now FIPS compliant.

#197718
Oct 11, 2018 11:07
This thread is locked and should be used for reference only.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.