App Control Common Criteria Certification / FIPS 140-2 Certifications
search cancel

App Control Common Criteria Certification / FIPS 140-2 Certifications

book

Article ID: 290507

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Information on Common Criteria/FIPS 140-2 and how to enable FIPS 140-2 support for App Control.

Environment

  • App Control Server: All Supported Versions
  • App Control Windows Agent: All Supported Versions
  • App Control Linux Agent: All Supported Versions
  • App Control macOS Agent: 8.10.0+

Resolution

Common Criteria Certification

The Target of Evaluation for App Control included the following Server software and Agent software components:

  • App Control Server and Console version 8.8.2
  • App Control Agent for Windows version 8.7.2
  • App Control Agent for Linux version 8.7.6

The full report, certification and latest Maintenance Assurance can be accessed via the NIAP site.

 

FIPS Compliance

The App Control Agent & Server both are FIPS compliant, and will rely on the underlying Operating System (Windows, Linux, macOS) to meet & provide the FIPS functionality. This allows App Control to be deployed by federal agencies (including contracted service providers and other organizations) requiring stringent security standards to protect sensitive information.

Enabling FIPS Mode

  1. Verify the operating system being used supports FIPS 140.
    Note:  Enabling FIPS in the Operating System may require opening a ticket with that vendor, as doing so is outside the scope of Carbon Black Support.
  2. If using macOS:
    1. Upgrade to macOS Agent 8.10.0 (or higher)
    2. Log in to the Console and navigate to https://<ServerAddress>/agent_config.php
    3. Click Add Agent Config and use the following details:
      • Name: Enable FIPS for macOS
      • Host ID: 0
      • Value: 
        fips_override=1
      • Platform: Mac
      • Status: Enabled
      • Create For: All Current and Future Policies
    4. Click Save
    5. Verify the Agent shows as Connected & Up to Date
  3. Use the dascli or b9cli to issue the status command and verify FIPS Mode in the Client Information section, example: 
    Client Information
        Client:            SERVER (DOMAIN\HOSTNAME)
        MAC Address:       01:23:45:67:89:AA
        FIPS Mode:         System Enabled,Agent Enabled
Powered by Wolken Software