Appendix
Making Endpoint Encryption for Files and Folders FIPS Compliant
The following procedures must be followed to operate the McAfee Endpoint Encryption
for Files and Folders cryptographic module in a FIPS Approved mode:
1. McAfee Endpoint Encryption for Files and Folders must be installed using a
FIPS approved algorithm. The validated version of McAfee Endpoint Encryption
for Files and Folders presents AES-256 as the only option for the encryption
algorithm. The AES-256 encryption algorithm is certified for use in FIPS 140-2
implementations.
2. The module software must be operating in “FIPS” mode. This is done by
setting the FIPS registry key value from 0 (disabled) to 1 (enabled). The first
step is to create a FIPS registry script (see Appendix A for details). Once the
file is created, right-click the newly created .reg file and select Merge from
the drop-down menu.
3. To verify that the registry has been updated properly, the user must install a
registry editor, navigate to the following paths, and verify that “FipMode” is
set to 1:
• Windows 2000 and XP - HKEY_LOCAL_MACHINE\SOFTWARE\SafeBoot International\SafeBoot Content Encryption\Verifier
• HKEY_LOCAL_MACHINE\SOFTWARE\SafeBoot International\SafeBoot Content Encryption\Verifier
The PC used to run McAfee Endpoint Encryption for Files and Folders must be built
using production grade components and configured in a single operator mode. To do
this, the following operating system services must be disabled:
• Fast user switching
• Terminal services
• Remote registry service
• Secondary logon service
• Telnet service
• Remote desktop and Remote assistance services
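The verification in step 3 and the single operator mode service list can be audited together with a script. The following is an added example for Windows PowerShell, not part of the McAfee manual. It assumes FipMode is a DWORD value, uses the usual Windows short names for the listed services, and reads the Terminal Server policy values as an assumed way to check Remote desktop and Remote assistance.

```powershell
# Added example (not from the McAfee manual): audit the settings listed above.
# Assumptions: FipMode is a DWORD; the service short names are the usual Windows
# ones and may be missing on some Windows versions (logged as "not installed").
function Test-EeffFipsHost {
    $findings = @()
    $verifier = 'HKLM:\SOFTWARE\SafeBoot International\SafeBoot Content Encryption\Verifier'

    # Step 3: FipMode under the Verifier key must be 1.
    $fip = (Get-ItemProperty -Path $verifier -Name 'FipMode' -ErrorAction SilentlyContinue).FipMode
    if ($null -eq $fip) { $findings += "FipMode not present under $verifier" }
    elseif ($fip -ne 1) { $findings += "FipMode is $fip, expected 1" }

    # Single operator mode: each listed service must be disabled and stopped.
    $services = @(
        @('FastUserSwitchingCompatibility', 'Fast user switching'),
        @('TermService',    'Terminal services'),
        @('RemoteRegistry', 'Remote registry service'),
        @('seclogon',       'Secondary logon service'),
        @('TlntSvr',        'Telnet service')
    )
    foreach ($entry in $services) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($entry[0])'"
        if ($null -eq $svc) { Write-Verbose "$($entry[1]): not installed"; continue }
        if ($svc.StartMode -ne 'Disabled' -or $svc.State -ne 'Stopped') {
            $findings += "$($entry[1]) ($($entry[0])): StartMode=$($svc.StartMode), State=$($svc.State)"
        }
    }

    # Remote desktop and Remote assistance: assumed check via the Terminal Server
    # policy values that enable inbound sessions and help requests.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    if ($ts.fDenyTSConnections -ne 1) { $findings += 'Remote desktop connections are not denied (fDenyTSConnections)' }
    if ($ts.fAllowToGetHelp -eq 1)    { $findings += 'Remote assistance is allowed (fAllowToGetHelp)' }

    return $findings
}

# @() keeps the result an array even when there are no findings.
$result = @(Test-EeffFipsHost)
if ($result.Count -eq 0) { 'PASS: FipMode and single operator mode settings match' }
else { $result | ForEach-Object { "FAIL: $_" } }
```

Run it from an elevated prompt on the protected PC; any FAIL line names the setting that still needs to be changed.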