When FIPS mode is enabled in the client operating system, applications use only cryptographic algorithms that are FIPS-140 compliant and that run in FIPS-approved modes of operation.

Important: For FIPS compliance, the Windows endpoint must be put into FIPS mode prior to installing the Carbon Black Cloud sensor. If you install the sensor without the FIPS-compliant cryptography option and later decide to use this option, you must uninstall the sensor, enable FIPS mode, and then reinstall the sensor.

Configure FIPS Compliance for a Windows Endpoint by using Group Policy

You can enable FIPS mode on a Windows endpoint by using a Group Policy setting.

Prerequisites

For FIPS compliance, BitLocker must be enabled on the endpoint.

Procedure

  1. Open the Group Policy Editor.
  2. Go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
  3. Enable System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

Configure FIPS Compliance for a Windows Endpoint by using the Windows Registry

You can enable FIPS mode on a Windows endpoint through the Windows Registry.

Prerequisites

For FIPS compliance, BitLocker must be enabled on the endpoint.

Procedure

  1. In the Windows Registry Editor, go to HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled.
  2. Set Enabled to 1.
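
Because the sensor must be installed only after FIPS mode is on, it helps to gate the installer on a readiness check. The following PowerShell is an added example, not part of the original documentation or the Carbon Black Cloud product; the function name Test-FipsReadiness and its -Enable switch are hypothetical, and checking BitLocker on the system drive only is an assumption about how the prerequisite is verified. It assumes an elevated session with the BitLocker PowerShell module available.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-install readiness gate. Test-FipsReadiness is a hypothetical name.

function Test-FipsReadiness {
    [CmdletBinding()]
    param(
        # Apply the registry procedure (set Enabled to 1) before checking.
        [switch]$Enable
    )

    $key = 'HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

    if ($Enable) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'Enabled' -Value 1 -Type DWord
    }

    # A missing key or value is treated as FIPS mode off.
    $fips = (Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
    $fipsOn = ($fips -eq 1)

    # Assumption: the BitLocker prerequisite is verified on the system drive only.
    $bitLockerOn = $false
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $bitLockerOn = ($vol.ProtectionStatus -eq 'On')
    } catch {
        Write-Warning "BitLocker status could not be read: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        FipsEnabled    = $fipsOn
        BitLockerOn    = $bitLockerOn
        ReadyForSensor = ($fipsOn -and $bitLockerOn)
    }
}

# Report the state and return a non-zero exit code so a deployment
# task can refuse to launch the sensor installer on an unready endpoint.
$result = Test-FipsReadiness
$result | Format-List
if (-not $result.ReadyForSensor) { exit 1 }
```

Run it as the step immediately before the sensor installer in a deployment task; an exit code of 1 means the endpoint is not yet in the state the procedures above require.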