Enabling FIPS 140-2

kchongMITRE · ‎06-18-2020

GM!

We currently have Splunk 7.2.3 and there is a STIG requirement to turn on the FIPS setting. According to the STIG, the only way to turn it on is to reinstall or upgrade the software. Is that correct?

If I choose to reinstall 7.2.3 without first uninstalling it, will that work? What is the Windows command to query the FIPS status on the Splunk server?

richgalloway · ‎06-18-2020

FIPS has to be enabled before starting Splunk for the first time. Enable FIPS in the config files. Furthermore, FIPS is only supported on Linux systems so there's no Windows command to query the FIPS setting. See https://docs.splunk.com/Documentation/Splunk/8.0.4/Security/SecuringSplunkEnterprisewithFIPS

---
If this reply helps you, Karma would be appreciated.

kchongMITRE · ‎06-19-2020

Thanks for the quick response!

I am having some authentication issue. When running Splunk command in the Command Prompt, I am able to logon as admin. However, when I tried to logon using admin through the web UI, I am not able to log on at all. Also, I am not able to logon using my AD account neither. Any idea?

richgalloway · ‎06-19-2020

You should post a new question since this is not related to FIPS.

---
If this reply helps you, Karma would be appreciated.

Enabling FIPS 140-2

configuration

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!