Datto RMM: FIPS compliance

Topic

This article discusses Datto RMM and FIPS compliance. 

Environment

• Datto RMM

Description

Federal Information Processing Standards (FIPS) are a set of data handling guidelines published by the United States government for non-military government agencies and government contractors to follow.

FIPS compliance status

Datto RMM does not conform to FIPS. Our servers are not configured to handle the required encryption algorithms. Agent connectivity is affected. Devices may appear online and return audit data, but other functions are not accessible. This includes, but may not be limited to, component downloads, remote takeover and file browser functions.

A common error seen in log.txt when running a job on a device with FIPS enabled is below:

2018-10-25 11:32:49.2478 WARN (SoftwareJobWorker-40) - Could not download package 609d1778-444c-4d3b-af5f-c2815cb48dab System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
-- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create()
at CentraStage.Cag.Core.Agent.SoftwareJobWorker.VerifyAndExtractToFolder(String fileName, String destinationDir, SoftwareJobComponent comp)
at CentraStage.Cag.Core.Agent.SoftwareJobWorker.Execute(SoftwareJobComponent comp, Boolean downloadOnly, Boolean allowCache, Int32 downloadTimeOutMinutes)

Additional Resources

• Current FIPS | NIST (external link)