To meet regulatory or data security requirements, you can enable Federal Information Processing Standard Publication (FIPS) 140-3 level 1 compliance for new Looker (Google Cloud core) instances. FIPS 140-3 is a US government computer security standard that certifies cryptographic modules. You can configure FIPS 140-3 validated encryption when you create new Looker (Google Cloud core) instances of the Enterprise or Embed edition.
This document explains how to configure FIPS 140-3 validated encryption.
If your Looker (Google Cloud core) instance was created with the FIPS 140-2 level 1 standard, it will be automatically updated to FIPS 140-3 level 1 encryption upon upgrade to Looker 26.12.
Create a FIPS 140-3 level 1 compliant Looker (Google Cloud core) instance
To create a new FIPS 140-3 level 1 compliant Looker (Google Cloud core) instance, in the FIPS 140-3 level 1 Validated Encryption portion of the Encryption section, select the Enable FIPS 140-3 level 1 Validated encryption checkbox when you create the Looker (Google Cloud core) instance.
Only new instances can be placed into FIPS-compliant mode.
Looker (Google Cloud core) doesn't support exporting or migrating data from an instance that isn't FIPS compliant into a FIPS-compliant instance.
FIPS and database dialects
Any database that was used by a Looker (Google Cloud core) instance that is in FIPS-compliant mode won't work with a Looker (Google Cloud core) instance that is not in FIPS-compliant mode.
Several database dialects that are otherwise supported by Looker (Google Cloud core) are not supported in FIPS-compliant mode. The following dialects are not supported in FIPS-compliant mode:
- Apache Druid
- Denodo 8
- Dremio 11+
- IBM Netezza
- Microsoft Azure SQL Database
- Microsoft SQL Server (MSSQL)
- PrestoDB
- PrestoSQL
- Teradata
- Trino
FIPS and group mirroring
FIPS-compliant Looker (Google Cloud core) instances that use Google OAuth for user authentication don't support group mirroring between Google Groups and Looker (Google Cloud core).