cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
markgarza
Level 10
Report Inappropriate Content
Message 1 of 3

Migrating to FIPS compliance

Hi all, I was directed here from the EPO forum. I am working on migrating our EPO environment to FIPS compliance, and one of the aspects of this will be the drive encryption. I have talked to the EPO team about how to migrate the systems, but I had one question that they said would be better directed here. Here is the original thread: https://community.mcafee.com/t5/ePolicy-Orchestrator/Some-questions-about-migrating-to-new-hardware-...

My question in there was: 

"We do have DE encrypted products, and it is to my understanding that in order for that to be FIPS compliant, we must decrypt/uninstall McAfee DE and then re-install using appropriate CMD line arguments and re-encrypt the drive (per https://docs.mcafee.com/bundle/drive-encryption-7.2.5-installation-guide-epolicy-orchestrator/page/G...). Will this process not generate new encryption keys anyway, or am I misunderstanding?'

This was in the context of using the system transfer option in EPO to transfer systems to the new FIPS compliant EPO server, as opposed to just exporting the agent on the new server and installing it on our hosts. I am wondering if, since our DE clients are not currently FIPS compliant, if the system transfer would really matter much as far as "keeping the encryption keys" that cdinet was talking about if I'm going to have to just re-encrypt them for FIPS compliance.

Please let me know if you need some clarification on what I'm asking. Thank you.

Labels (2)
2 Replies
markgarza
Level 10
Report Inappropriate Content
Message 2 of 3

Re: Migrating to FIPS compliance

Anyone?

jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Migrating to FIPS compliance

Hi @markgarza ,

Thank you for writing in here.

Since you are migrating to another FIPS compliance EPO the best advise is ,

1) When the machines are still reporting to old EPO, kindly send assign a decrypt policy to your clients.

2) And once decrypted kindly assign a uninstall task from EPO for these machines

3) Then from the new FIPS ePO push the MDE clients with FIPS mode and activate them as per the article,

https://docs.mcafee.com/bundle/drive-encryption-7.2.5-installation-guide-epolicy-orchestrator/page/G...

4) Kindly make sure you are using MDE 7.2.9.17 as it has critical fixes.

 

Thank you. 

 

Regards,
Jithendran S
McAfee Employee
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community