Don't miss out Virtual Happy Hour this Friday (April 26).
Try our conversational search powered by Generative AI!
AI OnAI Off
Add Support for FIPS so that Episerver Can Run on Government Servers
This feature request was addressed in https://nuget.episerver.com/package/?id=EPiServer.CMS.UI.Core&v=11.9.1
CMS is now FIPS compliant.
Oct 11, 2018 11:07
This thread is locked and should be used for reference only.
Many government agencies are required by law to enable FIPS mode on their servers. However, it is not currently possible to run Episerver with FIPS mode enabled.
Episerver Support has identified two bugs where MD5 encryption is being used, and fixing these may address the FIPS concern, but because FIPS is not officially supported, no testing is being performed to ensure its requirements are met.
This is not a good experience for government agencies that find out after purchasing Episerver that they can't use it, which is the situation in which we unfortunately found ourselves.
It doesn't help that the Episerver Compliance page includes a link to Microsoft's FIPS validation compliance, leading users to believe that Episerver is compliant as well.