Enabling FIPS 140-2 Camera Communications

You can enable compliance with the Federal Information Processing Standard (FIPS) 140-2 Level 1 Security Requirements for Cryptographic Modules for Server and camera communication as an option to the standard OpenSSL cryptographic engine in the Client, the Camera Configuration Tool, or the camera's web interface.

FIPS 140-2 Level 1 requires the purchase of a FIPS camera license.

Setting the Encryption Mode in the Client

The following steps are completed using the Client.

FIPS 140-2 Level 1 encryption requires that you have the CAM-FIPS license in addition to the standard camera channel license for each camera.

To select an encryption engine to be used on an Avigilon device:

  1. In the New Task menu , click Site Setup.
  2. Select a device, then click Networkthe Network button.
  3. Select FIPS 140-2 Level 1 from the Encryption Mode: list to enable encrypted communications for the device. Enabling FIPS 140-2 Level 1 may cause your device to reboot.
  4. Click OK.

The following documents can provide additional guidance:

Setting the Encryption Mode in CCT

The following steps are completed using the Camera Configuration Tool. For more information about using the Camera Configuration Tool, see the Camera Configuration Tool User Guide.

  1. Select the TLS tab.
  2. In the Encryption Mode column, use the drop-down list for each camera to select the type of encryption to use:
    • OpenSSL is the default option for encryption.
    • FIPS 140-2 Level 1 enables FIPS 140-2 level 1 encryption.
  3. At the bottom-right corner of the window, click Apply.

    Changing this setting on your camera will require your camera to reboot and you will lose the video stream for that time. Avigilon recommends that you apply this setting during non-critical operating times. Applying this setting on a single camera can take from 1 to 5 minutes.

The new encryption mode settings are implemented on the cameras.

Setting the Encryption Mode in the Camera Web UI

The following steps are completed using the camera's web interface. For more information about using the camera's web interface, see the appropriate device Camera Web Interface Guide, which can be found at help.avigilon.com.

  1. Go to the AdvancedNetwork setup page.
  2. In the Encryption Engine drop-down list, select the type of encryption to use:
    • Open SSL is the default option for encryption.
    • FIPS 140-2 enables FIPS 140-2 level 1 encryption.
  3. Click Apply to save your settings.

    Changing this setting on your camera will require your camera to reboot and you will lose the video stream for that time. Avigilon recommends that you apply this setting during non-critical operating times.