Skip to main content

Alteryx Server-FIPS

Alteryx Server FIPS version 2022.2 is the first release of Server that offers a FIPS 140-2 capable option for customers that require FIPS compliance. Please note that these standards are developed by the US National Institute of Standards and Technology (NIST) for use by US government agencies and contractors. For more information about FIPS, go to the NIST FIPS FAQ page.

The general (non-FIPS) release version of Alteryx Server is not FIPS capable. A separate release (and installer) is available under separate license terms for our FIPS 140-2 customers.

Feature Differences in the Current FIPS 140-2 Release

注意

Server Versus Server-FIPS

Server-FIPS 2022.2 has a few features that are not available or limited in function when compared to the previous non-FIPS Server releases. See the list below for reference. We plan to make many of these features available again in future Server-FIPS releases.

Excluded or Limited Features

To learn about Server features that are not available, or have limited functionality, in the current Alteryx Server-FIPS release, go to Alteryx Server and Server-FIPS: Feature Differences help page.

Other Updates in the Current FIPS 140-2 Release

TLS Enabled for All Services

AlteryxService now supports TLS for internal and direct service layer communication. For the FIPS version of Server, TLS is enabled for all services and cannot be disabled. For more information, go to the System Settings help page.

End User License Agreement

We updated the End User License Agreement (EULA) information to a FIPS-specific EULA. This is available under the End User License Agreement option in the help menu dropdown.

Analytic App Fields Encryption

Analytic app fields are not encrypted in this release. If you have personal identifying information (PII) in the analytic app fields, that data will not receive extra protection. Therefore we recommend you do not put PII (Personal Identifying Information) or other secure information in the analytic app fields.

FIPS 140-2 Certified Cryptographic Modules Used by Alteryx Server

  • OpenSSL version 3.0.0 – OpenSSL FIPS Provider – Review Pending – algorithm certs (A1938)[1]

  • Windows 10 - Cryptographic Primitives Library - Certificate #3197

Notes

[1]: Alteryx does not have an option to have our build of OpenSSL 3.0.0 FIPS 140-2 certified, as CMVP is no longer accepting FIPS 140-2 submissions for new validation certificates. This means we will have to wait for OpenSSL FIPS Provider certification to be issued by NIST and will then transition to using the certified OpenSSL FIPS Provider, once it is available.