FIPS Compliance

By default, Veeam backup infrastructure components use platform-provided cryptographic APIs and FIPS-compliant Veeam Cryptographic Module to meet NIST CMVP cryptographic and security requirements. Additionally, you can enable FIPS-compliant operation mode. It restricts connections to non-FIPS compliant platforms and runs self-tests to ensure that encryption modules are valid and work properly.


To make your backup infrastructure FIPS-compliant follow vendor recommendations. For more information on Microsoft Windows Server, see this article.

To enable the FIPS-compliant operation mode:

  1. From the main menu on the backup server, select General Options.
  2. Open the Security tab.
  3. In the FIPS compliance section, select the Enable FIPS-compliant operation mode check box.
  4. Click OK.


Consider the following for backup infrastructure components based on Linux servers with persistent Veeam Data Movers:

  • After you select or clear the selection of the Enable FIPS-compliant operation mode check box, you must open the Edit Linux Server wizard for each Linux server with the persistent Veeam Data Mover and proceed to the end of the wizard. This will update server settings. If you do not update the settings, the servers will be unavailable.
  • In Veeam Backup & Replication version 11, the component of persistent Linux Veeam Data Mover that is responsible for data processing launch cannot operate in the FIPS-compliant mode. However, components responsible for data processing itself can operate in this mode. Starting from Veeam Backup & Replication version 11a, whole Data Mover can become FIPS-compliant.

FIPS Compliance