The Federal Information Processing Standards (FIPS 140-2) are a family of standards developed by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSE) in Canada.
These standards aim at ensuring computer security and interoperability.
All software solutions deployed by governments and highly regulated industries in the United States and Canada are required to comply with FIPS 140-2. This specifies which encryption and hashing algorithms may be used and governs how encryption keys can be generated and managed.
Milestone XProtect VMS products’ cryptographic functions are implemented using Microsoft’s Cryptography API, Next Generation (CNG) which are FIPS 140-2 compliant, allowing all XProtect VMS products to be operated in FIPS compliant mode.
The following XProtect products are FIPS 140-2 compliant:
- XProtect Corporate
- XProtect Expert
- XProtect Professional+
- XProtect Express+
Although the FIPS 140-2 standard is a US and Canadian standard, any organization in any country that handles sensitive data — such as financial institutions, healthcare organizations, and technology companies — may request FIPS-140 compliance as it ensures information is protected with standard approved cryptographic functions.
Microsoft Windows OS and Milestone XProtect VMS and devices are not configured for FIPS 140-2 compliance straight out of the box. You need to configure each part of the software system for FIPS 140-2 compliance. Information on how to do this can be found in the FIPS 140-2 compliance section of our XProtect VMS hardening guide.
Additionally, any devices must be FIPS compliant and correctly configured. Information on how to configure devices, and the list of devices that Milestone has validated as supporting FIPS-compliant operation can be found in our Drivers and FIPS 140-2 section of XProtect VMS hardening guide.