FIPS validation FAQ¶

What is FIPS validation?¶

Federal Information Processing Standards (FIPS) validation is a U.S. government standard that ensures cryptographic modules meet specific security requirements. It is designed to protect sensitive information and ensure secure communication in federal systems. FIPS validation requires that all credentials used in DataRobot, particularly Snowflake Basic credentials and key pairs, adhere to FIPS-compliant formats.

What are the requirements for FIPS-compliant credentials?¶

FIPS-compliant credentials must meet the following requirements:

• RSA keys must be at least 2048 bits in length, and their passphrases must be at least 14 characters long with a salt length of at least 16 bytes (128 bits).
• Snowflake key pair credentials must use a FIPS-approved algorithm and have a salt length of at least 16 bytes (128 bits).

Credentials must be individually inspected by the user to ensure they meet the FIPS requirements. This can be done using the Credential management page:

For details on how to manage credentials, see Credentials management.

What is the impact?¶

The credential requirements will be enforced in all production environments starting in July 2025 for multi-tenant SaaS users and with the 11.2 release for self-managed on-premise and single-tenant SaaS users. The UI will display a warning when creating a Basic credential password that is shorter than 14 characters.

However, creating and updating Basic credentials that do not meet FIPS requirements is not blocked, as they may continue to be used for non-Snowflake connections.

Any Snowflake connection using non-compliant credentials will fail, resulting in an error message indicating non-compliance as the cause.

Will credentials be deleted?¶

Credentials that do not meet FIPS requirements will not be deleted, but may not function for Snowflake connections.

If you have questions or need assistance, contact DataRobot Support.