
Enabling FIPS Mode on Windows Servers

One of the federal standards for cybersecurity compliance is the Federal Information Processing Standard (FIPS), which outlines security requirements for cryptographic modules used within federal systems. For organizations handling sensitive data or working with government contracts, enabling FIPS mode on Windows Servers is a critical step toward compliance and enhanced security.

What Is FIPS Mode?

FIPS mode enforces the use of validated cryptographic algorithms and modules that meet the FIPS standard. When enabled, Windows restricts the use of non-compliant cryptographic algorithms, ensuring that only approved methods are used for encryption, hashing, and signing operations.

This is particularly important in environments where data integrity and confidentiality are paramount, such as the healthcare, finance, and government sectors.

When Should You Enable FIPS Mode?

FIPS mode should be enabled when:

  • Your organization is required to comply with FIPS 140-2.
  • You handle sensitive or regulated data.
  • You want to enforce stricter cryptographic standards across your systems.

However, enabling FIPS mode can impact application compatibility. Some legacy applications or third-party software may rely on non-FIPS-compliant algorithms and could fail or behave unpredictably. Always test in a staging environment before deploying to production.

How to Enable FIPS Mode on Windows Server

Enabling FIPS mode is straightforward and can be done via Group Policy or the Windows Registry.

Method 1: Using Group Policy

  1. Open the Group Policy Management Console (gpedit.msc).
  2. Navigate to:
    Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  3. Find the policy:
    System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
  4. Double-click the policy and set it to Enabled.
  5. Click OK and close the console.
  6. Reboot the server for the changes to take effect.

Method 2: Using the Registry Editor

  1. Open the Registry Editor (regedit.exe).
  2. Navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
  3. Set the Enabled DWORD value to 1.
  4. Close the editor and restart the server.

Verifying FIPS Mode

To confirm that FIPS mode is active:

  • Open a command prompt and use gpresult /r /scope computer to check the applied policies.
  • Open PowerShell and type [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

This should return True if FIPS mode is enabled.
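
The check above can be combined with the registry value from Method 2 and a behavioural probe. The following is an added example, not part of the original article: Get-FipsModeStatus is a hypothetical helper name, and it assumes Windows PowerShell 5.1 on .NET Framework (newer PowerShell versions running on .NET may not report or enforce the setting the same way).

```powershell
# Added example (not from the original article). Get-FipsModeStatus is a
# hypothetical helper name. Read-only: it does not change any setting.
function Get-FipsModeStatus {
    [CmdletBinding()]
    param()

    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

    # Registry value described in Method 2; a missing key or value counts as "not enabled".
    $regEnabled = $false
    $item = Get-ItemProperty -Path $keyPath -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $regEnabled = ($item.Enabled -eq 1) }

    # What the .NET runtime in this session reports.
    $netEnabled = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

    # Behavioural probe: MD5 is not a FIPS-approved algorithm, so creating it is
    # expected to fail on .NET Framework when FIPS mode is enforced.
    $md5Blocked = $false
    try {
        $md5 = [System.Security.Cryptography.MD5]::Create()
        $md5.Dispose()
    } catch {
        $md5Blocked = $true
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RegistryEnabled    = $regEnabled
        RuntimeReportsFips = $netEnabled
        Md5Blocked         = $md5Blocked
        Consistent         = ($regEnabled -eq $netEnabled) -and ($netEnabled -eq $md5Blocked)
    }
}

$status = Get-FipsModeStatus
$status | Format-List
if (-not $status.Consistent) {
    Write-Warning 'Registry value, runtime and MD5 probe disagree. Confirm the server was rebooted and that this is Windows PowerShell 5.1.'
}
```

The MD5 probe also illustrates the compatibility impact mentioned earlier: an application that requests a non-approved algorithm through .NET Framework gets an exception instead of a hash.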

Final Thoughts

Enabling FIPS mode on Windows Servers is a powerful way to enforce cryptographic compliance and bolster your organization’s security posture. However, it’s essential to balance security with compatibility. Always validate your applications and services in a controlled environment before rolling out FIPS mode across your infrastructure.

Have any questions about how to enable FIPS mode on Windows Servers? Please reach out to our cybersecurity experts at any time!
