FIPS Compliance

You will see this option only if you have upgraded from a PolicyTech version earlier than 7.0. The method used to encrypt passwords in those versions (the widely-used MD5 message digest algorithm) does not meet the Federal Information Processing Standard (FIPS) requirements published by the United States government. To ensure FIPS compliance, users' passwords are re-encrypted using a FIPS-approved algorithm upon first login after PolicyTech has been upgraded to version 7.0 or later. You can use the FIPS Compliance option on the System / IT Settings menu to see how many users have logged in to the current version of PolicyTech and thus have had the encryption of their passwords converted. This option is removed once all passwords have been converted.

To check FIPS compliance,

  1. Click PREFERENCES.
  2. Click System / IT Settings, and then click FIPS Compliance.

Important: If you don't see the FIPS Compliance option, then all users' passwords are already encrypted using the FIPS-compliant algorithm.

  1. (Optional) If you want to disable all MD5-encrypted passwords immediately, click Enable FIPS compliance. This immediately makes PolicyTech FIPS-compliant, but you will then need to manually reset affected users' passwords before they can log in again (see Resetting a User's Password).