Security and protection for SharePoint Server 2010

Article
11/15/2016

Applies to: SharePoint Foundation 2010, SharePoint Server 2010

This section provides information and best practices about how to make the Microsoft SharePoint Server 2010 system more secure and how to help protect data.

In this section:

Security Note
SharePoint Server 2010 uses several Windows encryption algorithms for computing hash values that do not comply with Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules. These algorithms are not used for security purposes; they are used for internal processing. For example, SharePoint Server 2010 uses MD5 to create hash values that are used as unique identifiers. Because SharePoint Server 2010 uses these algorithms, it does not support the Windows security policy setting that requires FIPS compliant algorithms for encryption and hashing. This Windows security policy is managed through the FIPSAlgorithmPolicy registry key in Windows, which is described in the "Configure FIPS policy for a mixed environment" section of the following topic: Additional System Countermeasures (https://go.microsoft.com/fwlink/p/?LinkId=209130) When you enable the FIPS compliant mode in Windows, you see errors that are described in the following Microsoft Knowledge Base article: KB 2000371: You receive an error message when you try to start a workflow with FIPS enabled (https://go.microsoft.com/fwlink/p/?LinkId=209131) FIPS 140-2 defines security standards that the United States and Canadian governments use to validate security levels for products that implement cryptography. For more information about FIPS 140-2, see the following references: FIPS 140 Evaluation (https://go.microsoft.com/fwlink/p/?LinkId=209132) FIPS Publications (https://go.microsoft.com/fwlink/p/?LinkId=209157) The goal of FIPS is to provide a standardized way to ensure the security and privacy of sensitive information in computer systems of the United States and Canadian governments. Using a FIPS compliant algorithm for encryption of data over an open network is a key requirement for FISMA certification. The Windows FIPSAlgorithmPolicy registry key is neither necessary nor sufficient for FISMA certification, it is a useful enforcement tool for many solutions, but not SharePoint Server 2010. The FIPS contribution to FISMA certification is the strength of encryption used for security purposes. Security-related encryption within SharePoint Server 2010 is performed by using FIPS-compliant cipher suites. For additional information about FISMA, FISMA certification, and reverse proxy see the following articles: Federal Information Security Management Act (FISMA) Implementation Project (https://go.microsoft.com/fwlink/?LinkId=242329) Microsoft Office 365(https://go.microsoft.com/fwlink/?LinkId=215509) Microsoft News Center (https://go.microsoft.com/fwlink/?LinkId=242330) https://go.microsoft.com/fwlink/?LinkId=242339 (https://go.microsoft.com/fwlink/?LinkId=242339)

SharePoint Server 2010 uses several Windows encryption algorithms for computing hash values that do not comply with Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules. These algorithms are not used for security purposes; they are used for internal processing. For example, SharePoint Server 2010 uses MD5 to create hash values that are used as unique identifiers.
Because SharePoint Server 2010 uses these algorithms, it does not support the Windows security policy setting that requires FIPS compliant algorithms for encryption and hashing. This Windows security policy is managed through the FIPSAlgorithmPolicy registry key in Windows, which is described in the "Configure FIPS policy for a mixed environment" section of the following topic:

Additional System Countermeasures (https://go.microsoft.com/fwlink/p/?LinkId=209130)

When you enable the FIPS compliant mode in Windows, you see errors that are described in the following Microsoft Knowledge Base article:

KB 2000371: You receive an error message when you try to start a workflow with FIPS enabled (https://go.microsoft.com/fwlink/p/?LinkId=209131)

FIPS 140-2 defines security standards that the United States and Canadian governments use to validate security levels for products that implement cryptography. For more information about FIPS 140-2, see the following references:

FIPS 140 Evaluation (https://go.microsoft.com/fwlink/p/?LinkId=209132)
FIPS Publications (https://go.microsoft.com/fwlink/p/?LinkId=209157)

The goal of FIPS is to provide a standardized way to ensure the security and privacy of sensitive information in computer systems of the United States and Canadian governments. Using a FIPS compliant algorithm for encryption of data over an open network is a key requirement for FISMA certification. The Windows FIPSAlgorithmPolicy registry key is neither necessary nor sufficient for FISMA certification, it is a useful enforcement tool for many solutions, but not SharePoint Server 2010.
The FIPS contribution to FISMA certification is the strength of encryption used for security purposes. Security-related encryption within SharePoint Server 2010 is performed by using FIPS-compliant cipher suites.
For additional information about FISMA, FISMA certification, and reverse proxy see the following articles:

Federal Information Security Management Act (FISMA) Implementation Project (https://go.microsoft.com/fwlink/?LinkId=242329)

Microsoft Office 365(https://go.microsoft.com/fwlink/?LinkId=215509)

Microsoft News Center (https://go.microsoft.com/fwlink/?LinkId=242330)

https://go.microsoft.com/fwlink/?LinkId=242339 (https://go.microsoft.com/fwlink/?LinkId=242339)

Security and protection for SharePoint Server 2010

See Also

Other Resources

Additional resources