Source:
http://blogs.msdn.com/b/shawnfa/archive/2008/03/14/disabling-the-fips-algorithm-check.aspx
You could add the following to your web.config or machine config so your ASP.Net applications will stop failing due to the FIPs compliance checks.
<configuration>
<runtime>
<enforceFIPSPolicy enabled="false"/>
</runtime>
Your machine.config can be found here:
\Microsoft.NET\Framework\\config\machine.config
If you change your machine.config, an iisreset may be required for the settings to take effect. Note: changing your maching.config will effect all .NET applications on the system.
To get your application to be FIPs compliant without having to disable FIPs, you can try the following:
1) Configure your machine key to use 3DES for decryption and SHA1 for validation.
EDIT (2018-04-05): The new IIS8.5 STIG says you should set your Machine Key settings to Validation: HMACSHA256, Encryption: Auto.
<configuration>
<system.web>
<authentication mode="Windows" />
<machineKey decryption="3DES" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" validationKey="AutoGenerate,IsolateApps" />
</system.web>
</configuration>
NOTE: if you are using a web farm environment, you can use IIS GUI and go to the Machine Keys configuration section to generate a set of keys and use the same keys across your web farm.
2) Ensure that your compilation debug="false", and all page directives have debug="false". Setting debug to true will also kick off the FIPs compliance check.