Showing results for 
Search instead for 
Did you mean: 

ePO 4.66 \ MA4.6 \ EEPC 6.x and the use of FIPS

Hi all

I am about to embark on a project to implement a Mcafee ePO solution for a client (5000 seats with about half as Laptops)

As the work is UK classified I need to understand the downstream implications on other McAfee Products (PA. MVM, Move etc), should I install ePO & MA in FIPS Mode, (an action which is irreversible apart from rebuild)

With sparse Documentation on the subject, I have decided to put it to the Community to see if anyone has experience of using this mode and whether the decision has proven to be wise.

I appreciate that I can install ePO & MA in non-FIPS and still use EEPC in FIPS but have discovered this method is not covered at EAL2+ which I would ideally  like to achieve as a minimum. (The OS will be at EAL4)

I also appreciate that the FIPS Compliance is a US mandated requirement for such Domains, but have not yet been able to qualify whether it should be used over here!. (obviously,  this is being followed up in other directions)

Any comments as to experience\ implementation problems \ Gotchas, would help me decide.

Thanks in advance

2 Replies

Re: ePO 4.66 \ MA4.6 \ EEPC 6.x and the use of FIPS

Something to bear in mind and probably confirm with McAfee directly first. I pulled up the Fips mode user Guide for ePO 4.6 and at the end in the supported environments it does say "McAfee ePolicy Orchestrator 4.6.0 through 4.6.4" It does not mention ePO 4.6.5 or 4.6.6

Re: ePO 4.66 \ MA4.6 \ EEPC 6.x and the use of FIPS

yeah!  thanks rackroyd,  I had noticed that


with the Common Criteria Evaluation and Validation Scheme Validation Report dated  Sept last year, I was somewhat 'hoping' later versions will be using the same encryption modules ( dll's).Given the statement in FIPS certification update: EEPC v7.x and Core Cryptographic Module on 5th April this year.  things might be moving ahead. Versioning queries have already been directed to Mcafee anyways.

" While this is beneficial for EEPC customers it only covers the implementation on Windows, not OS/X. There are also other McAfee products which require FIPS certified encryption capabilities. To that end, we have decided that we will create a core cryptographic module which will be shared across multiple products. This new cryptographic module will contain all of the performance improvements from EEPC v7.0 and will first be used in EEPC v7.1.

We are very pleased to announce that McAfee Core Cryptographic Module (user) and McAfee Core Cryptographic Module (kernel) FIPS 140-2 cryptographic modules have entered into Block 1 of the validation process and is now officially listed as "Implementation Under Test (IUT)" on the NIST website. We are expecting to complete these validations in Q4 2013. These cryptographic modules are being validated at FIPS 140-2 Level 1 and are common crypto modules for usage across both McAfee Endpoint Encryption for PC (Windows and OS/X) and McAfee Endpoint Encryption for Files and Folders. "

If need be I will have to use 4.6.4 until the later version becomes available however, at this stage of the Project,  I am more interested in the communities experience of using FIPS

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community