FIPS 1402 NonProprietary Security Policy: McAfee Agent Cryptographic Module (Version 1.0)
Document Version 1.4
© McAfee
Page 21 of 22
3 Guidance and Secure Operation
This section describes how to configure the module for FIPSapproved mode of operation.
3.1 Crypto Officer and User Guidance
3.1.1 Software Packaging and OS Requirements
The module is included with McAfee Agent version 4.6 and is not available for direct download. The
McAfee Agent application must be installed on a supported operating system running in single user
mode. To configure singleuser mode, the following must be disabled:
Remote registry and remote desktop services
Remote assistance
Guest accounts
Server and terminal services
Specific configuration steps are beyond the scope of this document.
3.1.2 Enabling FIPS Mode
To meet the cryptographic security requirements, certain restrictions on the installation and use of
McAfee Agent must be followed. The steps below will ensure that the module implements all required
selftests and uses only approved algorithms. Please note that once the module is in FIPSapproved
mode, it cannot transition to a nonapproved mode.
3.1.2.1 Installation
1. The installation must be a new install. Upgrading from a previous version of McAfee Agent is
not valid.
2. The module is included with McAfee Agent 4.6 and is not separately purchased or installed.
McAfee Agent 4.6 (and subsequently the module) can be installed either via deployment from
ePO Server or downloading and executing framepkg.exe from the ePO server.
3.1.3 Additional Rules of Operation
1. All host system components that can contain sensitive cryptographic data (main memory,
system bus, disk storage) must be located in a secure environment.