Edit this page

FIPS Compatibility


FIPS stands for Federal Information Processing Standard. This standard imposes some restrictions on the algorithms used for encryption/decryption and hashing. The operating systems have many different algorithm types, but only part of them are actually FIPS compliant.


Starting from Q3 2011, Telerik UI for ASP.NET AJAX officially supports the FIPS standard. This includes Word and all Excel export formats, but without PDF.
Please note that starting from Q2 2013 PDF export is FIPS compliant.

There are at least two ways to enforce the FIPS compliance:

  • Via the security policies:Open Administrative Tools and then go to Local Security Policy applet (or press WinKey+R and enter 'secpol.msc'). Expand LocalPolicies, Security Options and scroll down to"System cryptography: Use FIPS compliant algorithms for encryption,hashing and signing".

  • By editing the corresponding registry key directly:Open the Registry Editor and then expand HKEY_LOCAL_MACHINE,System, CurrentControlSet, Control, Lsa then select theFIPSAlgorithmPolicy key. There, you will find a DWORD value which should be set to 0 (0x00000000) for disabled and 1 for enabled.

Note that in NET 3.5 environment, the default ViewState validation algorithm (SHA1) is not FIPS compliant. In this case you may need to change the default algorithms to 3DES as shown below:

<machineKey validationKey="AutoGenerate,IsolateApps" 
     decryption="3DES" />

This is not needed for .NET 4.0 where the default validation is set to HMACSHA256.


Setting <compilation debug="true" /> inweb.config will cause FIPS exception. You can find a possible workaround here:
Visual Studio 2008 cannot debug with FIPS enabled


FIPS compliant algorithm means that it is supported by the FIPS 140 standard.

See Also