Configure LogRhythm XM for FIPS Mode

The XM Appliance is a single-machine deployment that runs all LogRhythm services. There are no off-box communications to configure for FIPS mode. Starting with LogRhythm 7.8, the XM Appliance is FIPS 140-2 certified. For more information on the status of LogRhythm SIEM 7.8 and its components, see the CMVP Modules in Process List. 

System Requirements

Operating System

Windows 2016

Processor

Intel Xeon Silver 4114

Services Within the Logical Crypto Boundary

• LogRhythm Core Services
• LogRhythm Administration
• LogRhythm Web Console Services
• LogRhythm AIE Services
• LogRhythm API Services
• LogRhythm DX Services
• API Gateway
• Service Registry
• Notification Service
• TIS Client
• SQL Service
• Windows Authentication Service

Prerequisites

• Create Windows service accounts for the LogRhythm core services. This is required when running in FIPS-approved mode. For more information, see Configure User Access Control for FIPS Mode.

Configure the Windows OS for FIPS Mode

Configuring Windows for FIPS mode ensures all .NET services and SQL server uses only FIPS-approved encryption algorithms.

1. Log on to Windows as a Windows system administrator.
2. Click Start, Control Panel, and Administrative Tools.
3. Click Local Security Policy.  
4. The Local Security Settings window appears.
5. In the navigation pane, click Local Policies, and then click Security Options.
6. In the right-side pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
7. In the dialog box that appears, click Enabled, and then click Apply.
8. Click OK.
9. Close the Local Security Settings window.
10. Restart the computer for the change to take affect.

Download and Install the LogRhythm FIPS Package

1. Download the LogRhythm FIPS package (lrdpawc_fips.zip), available on the LogRhythm Community.

   

   The package consists of several applications that are required for running the LogRhythm in FIPS mode.

2. Create the directory C:\Program Files\LogRhythm\LogRhythm FIPS.
3. Unzip the contents of lrdpawc_fips.zip into that directory.
   The package contains:
   
   • LogRhythm FIPS SIT application and .hsh file – lrsitapp.exe and dxsvcs.hsh
   • OpenSSL 1.0.2u with FIPS Module 2.0.16 - libeay32.dll and ssleay32.dll.  Used by lrsitapp.exe.

4. Restart all the LogRhythm services and the SQL server service.

   

   Each LogRhythm service will indicate it is operating in FIPS-approved mode in its respective application log.