App Control Common Criteria Certification and FIPS 140-2 Validation
Article ID: 290507
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Information on Common Criteria/FIPS 140-2 and how to enable FIPS 140-2 support for App Control.
Environment
- App Control Server: All Supported Versions
- App Control Windows Agent: All Supported Versions
- App Control Linux Agent: All Supported Versions
- App Control macOS Agent: 8.10.0+
Resolution
Common Criteria Certification
|
FIPS Compliance
The App Control Agent & Server both are FIPS compliant, and will rely on the underlying Operating System (Windows, Linux, macOS) to meet & provide the FIPS functionality. This allows App Control to be deployed by federal agencies (including contracted service providers and other organizations) requiring stringent security standards to protect sensitive information.
Enabling FIPS Mode
- Verify the operating system being used supports FIPS 140.
Note: Enabling FIPS in the Operating System may require opening a ticket with that vendor, as doing so is outside the scope of Carbon Black Support.
- If using macOS:
- Upgrade to macOS Agent 8.10.0 (or higher)
- Log in to the Console and navigate to https://<ServerAddress>/agent_config.php
- Click Add Agent Config and use the following details:
- Name: Enable FIPS for macOS
- Host ID: 0
- Value:
fips_override=1
- Platform: Mac
- Status: Enabled
- Create For: All Current and Future Policies
- Click Save
- Verify the Agent shows as Connected & Up to Date
- Use the dascli or b9cli to issue the status command and verify FIPS Mode in the Client Information section, example:
Client Information
Client: SERVER (DOMAIN\HOSTNAME)
MAC Address: 01:23:45:67:89:AA
FIPS Mode: System Enabled,Agent Enabled
Feedback
Yes
No
Powered by
