ESM - FIPS Compliant Mode

I am looking at the 9.4.0 documentation for FIPS mode and I am seeing a section that states that the ELM and ACE have either restricted functionality or are not FIPS compliant.  Does anyone from McAfee know if these devices are not FIPS compliant at all, or just have restricted functionality? Would an ETM/ELM/ERC combo box be able to be FIPS compliant? (Based on the excerpt below, I am thinking that both the combo-box and the ACE are not FIPS compliant appliances, but I would like an official ruling.) If I attach an ACE to the SIEM, does that immediately violate FIPS compliance?   (Below is the excerpt taken from esm_940_pg_en-us.pdf.) Please let me know how this might pertain to FIPS compliance.  Thank you.

FIPS mode information

Due to FIPS regulations, some ESM features aren't available, some available features are not compliant, and some features are only available when in FIPS mode. These features are noted throughout the document and are listed here.

Removed features

• High-availability Receivers

• GUI Terminal

• Ability to SSH into device

McAfee ESM and devices use a FIPS-capable version of SSH. The SSH clients OpenSSH, PuTTY, dropbear, Cygwin ssh, WinSCP and TeraTerm have been tested and are known to work. If using PuTTY, version 0.62 is compatible and can be downloaded at www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

• On the device console, the root shell is replaced by a restricted menu of FIPS options.

Non-Compliant or restricted available features

• WMI data sources

• RADIUS authentication

• OPSEC data sources

• ADM support and device

• ISS SiteProtector data sources

• ELM/ELMERC/ESMLM support and device

• Network Discovery from SNMPv3 and SSH

• DEM support and device

• External database server access

• ACE support and device

SNMPv3 options:

• SNMP configuration — Blacklist check box and Authentication Mode is always None

• Health requests and blacklist traps — SNMP health requests and blacklist traps must use SNMPv3 authPriv with SHA1 and AES

• EngineID — You can set the SNMP EngineID for the ESM

• Event Forwarding — Authentication Mode is always None

• Profile Management — Authentication Mode is always None

• Data Sources — Authentication Mode is always None

Features available only in FIPS mode

• There are four user roles that do not overlap: User, Power User, Audit Admin, and Key & Certificate Admin.

• All Properties pages have a Self-Test option that allows you to verify that the system is operating successfully in FIPS mode.

• If FIPS failure occurs, a status flag is added to the system navigation tree to reflect this failure.

• All Properties pages have a View option that, when clicked, opens the FIPS Identity Token page. It displays a value that must be compared to the value shown in those sections of the document to ensure that FIPS hasn't been compromised.

• On System Properties | Users and Groups | Privileges | Edit Group, the page includes the FIPS Encryption Self Test privilege, which gives the group members the authorization to run FIPS self-tests.

• When you click Import Key or Export Key on IPS Properties | Key Management, you are prompted to select the type of key you want to import or export.

• On the Add Device Wizard, TCP protocol is always set to Port 22. The SSH port can be changed.
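The quoted guide says the only SNMPv3 settings acceptable in FIPS mode for health requests and blacklist traps are authPriv with SHA1 and AES. The ESM side of that is set in its GUI, but the agent or trap receiver on the other end is usually net-snmp, whose snmpd.conf / snmptrapd.conf `createUser` and `rouser` lines spell out the same choices. The following is an added example written for this thread (not McAfee's code and not from the product guide): a small checker that parses those two line types and reports any user that falls short of authPriv/SHA/AES, with a weak legacy profile shown beside a compliant one. The net-snmp syntax and the `auth` default access level are taken from the snmpd.conf manual as I read it; the sample configuration, user names and passwords are constructed for the illustration.

```python
import re

# Requirement quoted from the ESM 9.4.0 guide: authPriv with SHA1 and AES.
# net-snmp spells SHA-1 as "SHA" and AES-128 as "AES"; the guide names only
# those two, so anything else (MD5, DES, SHA-256, AES-256) is reported rather
# than silently accepted.
ALLOWED_AUTH = {"SHA"}
ALLOWED_PRIV = {"AES"}

# Assumed net-snmp syntax (man snmpd.conf):
#   createUser USER [AUTHPROTO AUTHPASS [PRIVPROTO PRIVPASS]]
_CREATE_USER = re.compile(
    r'^createUser\s+(?P<user>\S+)'
    r'(?:\s+(?P<auth>MD5|SHA(?:-?\d+)?)\s+(?:"[^"]*"|\S+))?'
    r'(?:\s+(?P<priv>DES|AES(?:-?\d+)?)\s+(?:"[^"]*"|\S+))?\s*$'
)
#   rouser|rwuser USER [noauth|auth|priv]   (the manual's default level is "auth")
_ACCESS = re.compile(
    r'^(?:rouser|rwuser)\s+(?P<user>\S+)(?:\s+(?P<level>noauth|auth|priv))?\s*$'
)


def check_snmpd_conf(text):
    """Map each SNMPv3 user to a list of findings; an empty list means the
    user is defined with SHA + AES and only granted access at the priv level."""
    findings = {}
    access_lines = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = _CREATE_USER.match(line)
        if m:
            problems = findings.setdefault(m["user"], [])
            auth, priv = m["auth"], m["priv"]
            if auth is None:
                problems.append("no authentication protocol (noAuthNoPriv user)")
            elif auth not in ALLOWED_AUTH:
                problems.append(f"auth protocol {auth} not permitted in FIPS mode (need SHA)")
            if priv is None:
                problems.append("no privacy protocol (authNoPriv at best)")
            elif priv not in ALLOWED_PRIV:
                problems.append(f"priv protocol {priv} not permitted in FIPS mode (need AES)")
            continue
        m = _ACCESS.match(line)
        if m:
            access_lines.append((m["user"], m["level"] or "auth"))

    defined = set(findings)                      # users with a createUser line
    for user, level in access_lines:             # second pass: order in the file does not matter
        problems = findings.setdefault(user, [])
        if user not in defined:
            problems.append("access granted to a user with no createUser line")
        if level != "priv":
            problems.append(f"access level {level} is below authPriv")
    return findings


def is_fips_compliant(text):
    """True only when at least one user is defined and every user is clean.
    An empty configuration fails closed: there is nothing to verify."""
    result = check_snmpd_conf(text)
    return bool(result) and all(not problems for problems in result.values())


# Constructed sample configuration for this example; not from any real deployment.
SAMPLE_CONF = """\
# legacy profile: SNMPv3, but MD5/DES and access only at the auth level
createUser esmlegacy MD5 "legacy-auth-pw" DES "legacy-priv-pw"
rouser esmlegacy auth
# health-request profile as the guide requires: authPriv with SHA1 and AES
createUser esmhealth SHA "health-auth-pw" AES "health-priv-pw"
rouser esmhealth priv
# auth-only user: no privacy protocol, and rouser falls back to the auth level
createUser noprivuser SHA "auth-only-pw"
rouser noprivuser
"""

if __name__ == "__main__":
    for user, problems in check_snmpd_conf(SAMPLE_CONF).items():
        print(user, "OK" if not problems else "; ".join(problems))
    print("compliant:", is_fips_compliant(SAMPLE_CONF))
```

Run against a real snmpd.conf or snmptrapd.conf the checker prints one line per SNMPv3 user; only `esmhealth` passes in the sample. The matching client-side invocation for a manual health request is `snmpget -v3 -l authPriv -a SHA -x AES -u esmhealth ...`, which is the same three choices the guide lists.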
