I Manage an environment for a federal branch of the government. Our wintel team has configured all servers using STIG's that are Approved and has FIPS among other security measures on the servers. It is an air tight system. No outside connection to it.
But even though on the windows level it's all set, on a SolarWinds level all diagnostics always come back false for FIPS and not set. Which leads me to believe that there is a configuration difference between the server and how solarwinds was deployed.
Because of this we run through plenty of security related problems. Such as UAC being a pain. It's part of STIG configuration and disabling UAC is breaking STIG's which wouldn't be approved unless there is a very heavy argument made. And justifiable proof to show this is needed.
I have a feeling because solarwinds might potentially be operating outside of FIPS and other security measures could be the reason as to why we keep having problems. This includes security changing permissions automatically, holding files hostage, or denying access to files. Putting files in read only mode. And so on.
This last weekend we had an upgrade to 2020.2.5 that ended up bringing our environment down. Lots of assembly missing errors. File missing errors. And almost as if security got in the way and prevented not automated centralized upgrade from happening.
So I wanted to open this question to any Federal administrators, or those who might work with FIPS and strig government requirements. And the questions is also for any product manager or developer of solarwinds that could help me get the software in line with regulations so that it doesn't get snagged in security layers.
Any help would be appreciated to help me get our deployment to follow FIPS and Stigs properly. I can provide any additional information needed. Thanks.