The Federal Information Processing Standard 140-1 (FIPS 140-1) and its successor, FIPS 140-2, are United States Government standards that provide a benchmark for implementing cryptographic software. They specify best practices for implementing cryptographic algorithms, handling key material and data buffers, and working with the operating system. Both IPSec and the Encrypting File System (EFS) in Windows 2000, Windows Server 2003 and Windows XP use the FIPS 140-1 evaluated Kernel Mode Cryptographic Module to encrypt traffic packet data and file contents, respectively, when they are configured to use FIPS-compliant algorithms.
The FIPS-compliant kernel-mode cryptographic module lets organizations deploy FIPS 140-1-compliant Internet Protocol Security (IPSec) implementations using:
- L2TP (Layer Two Tunneling Protocol)/IPSec VPN client and server.
- L2TP/IPSec tunnels for gateway-to-gateway VPN connections.
- IPSec tunnels for gateway-to-gateway VPN connections.
- IPSec-encrypted end-to-end network traffic between client and server, and from server to server.