FIPS compliance

Federal Information Processing Standards (FIPS) are a set of data handling guidelines published by the United States government for non-military government agencies and government contractors to follow.

FIPS compliance status

Datto RMM does not conform to FIPS. Our servers are not configured to handle the required encryption algorithms. Agent connectivity is affected. Devices may appear online and return audit data, but other functions are not accessible. This includes, but may not be limited to, component downloads, remote takeover, and file browser functions.

IMPORTANT  Devices that are configured for FIPS should not run Datto RMM and are not supported. The Datto RMM Agent Health Check tool can detect if a device is configured for FIPS. Refer to Agent Health Check tool.

The following error is commonly seen in log.txt when running a job on a device with FIPS enabled:

2018-10-25 11:32:49.2478 WARN (SoftwareJobWorker-40) - Could not download package 609d1778-444c-4d3b-af5f-c2815cb48dab System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
-- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create()
at CentraStage.Cag.Core.Agent.SoftwareJobWorker.VerifyAndExtractToFolder(String fileName, String destinationDir, SoftwareJobComponent comp)
at CentraStage.Cag.Core.Agent.SoftwareJobWorker.Execute(SoftwareJobComponent comp, Boolean downloadOnly, Boolean allowCache, Int32 downloadTimeOutMinutes)