Enabling FIPS Cryptography for Avigilon Devices

When an encrypted connection is selected for your Avigilon device, the device may support a choice of FIPS 140-2 cryptographic technologies as an alternative to the standard OpenSSL cryptographic engine for encrypting communications between the camera and the ACC Server.

The FIPS 140-2 Level 1 option for a supported Avigilon device switches from OpenSSL cryptography to a FIPS 140-2 Level 1 (software) cryptographic engine. The NXP TPM option can be enabled for supported devices that have a Trusted Platform Module (TPM) installed. Note that enabling these options requires a CAM-FIPS license for the device, which must be activated on the ACC site.

CRYPTR FIPS 140-2 Level 3 (tamper protected) cryptography can be enabled by installing a CRYPTR card in a supported Avigilon device. The license for this engine is included with the CRYPTR card, so no CAM-FIPS license is required for this mode.

To select a cryptography option to be used on an Avigilon device:

  1. In the New Task menu, click Site Setup.
  2. Select a device, then click the Network button.
  3. Select FIPS 140-2 Level 1, NXP TPM, or CRYPTR FIPS 140-2 Level 3 from the Encryption Mode: list to enable encrypted communications for the device.

    Enabling FIPS 140-2 Level 1, NXP TPM, or CRYPTR FIPS 140-2 Level 3 may cause your device to reboot.

    Important: The CRYPTR card stores the certificates and keys inside its tamper-proof memory. New certificates and keys must be created after installing the CRYPTR card and switching to the CRYPTR FIPS 140-2 Level 3 mode. The Camera Configuration Tool (CCT) can be used to request a new Certificate Signing Request (CSR) from the CRYPTR card and to upload the new certificate into the CRYPTR card after it has been signed by the Certificate Authority (CA). For more information, see the Camera Configuration Tool User Guide.

  4. Click OK.