Audit Frequency; When Audits Are Run; Per Audit Data Maintenance - McAfee PASCDE-AB-IA - Policy Auditor For Servers Product Manual

Creating and managing audits
Audits and how they work
When you run an audit against a system, the audit reports the comparison between the
configuration status of the system and the rules in the benchmarks. When the default audit
scoring model is used, the audit also reports a comparative score of the system ranging from
0 to 100.

Audit frequency

Audit frequency describes how often data should be gathered.
Frequency is defined as "Audit results should be no older than nnn time unit," where "nnn" is a
number and "time unit" is days, weeks, or months. For example, if the frequency for an audit is
defined as 1 month and a system has not been audited in more than 1 month, the results are
considered to have expired.
Differentiating expired results
When you set the Differentiate expired results in a query server setting to true, reports and
queries differentiate expired results as follows:
pass-expired — The results have expired but the last audit results evaluated to pass.
fail-expired — The results have expired but the last audit results evaluated to fail.
other-expired — The results have expired and the previous audit results evaluated to a
condition other than pass or fail.
No audit results
If an audit has not run, it has a status of no results in reports and queries. Results are shown
after the audit runs.

When audits are run

McAfee Policy Auditor provides three ways to run an audit.
The software runs audits under these situations:
You manually run an audit. When you manually run an audit, the audit runs during the next
whiteout period.
The audit is scheduled to run.
Managed systems — The agent plug-in runs the audit before the results expire, even if
the system is not connected to the network. The audit expiration date is defined by the
audit frequency.
Unmanaged systems — McAfee Foundstone or McAfee Vulnerability Manager runs the
audit before the audit expires, as defined by the audit frequency. The system must be
connected to the network.
McAfee updates the audit content. This happens most often with patch assessment audits.
When content is updated, the audit runs during the next whiteout period.

Per audit data maintenance

McAfee Policy Auditor provides per audit data maintenance.This lets you control, at the individual
audit level, what information to retain and how long to retain it.
The software system settings provide a standard for retaining results for audits and Findings.
However, you may want to retain some audit information for a greater or lesser amount of time.
40 McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6