Benchmark Profiles And Their Effect On Audits; Considerations For Including Systems In An Audit; Benchmark Labels And How They Are Used - McAfee PASCDE-AB-IA - Policy Auditor For Servers Product Manual

Creating and managing audits
Audits and how they work
You can create or edit an audit so that it retains audit or Findings information for a different
period of time than is specified in the global system settings.

Benchmark profiles and their effect on audits

Audits have benchmarks assigned to them. Many benchmarks contain profiles, which are named
sets of selected groups, rules, and values targeted toward different computer system
configurations and threat risks. A profile can:
Enable or disable one or more groups
Enable or disable one or more rules
Change the variables that are used within a rule, such as the minimum password length
Profiles are normally designed to apply to a particular set of systems. For example, a benchmark
could contain two profiles, one for Windows and one for UNIX. As another example, a benchmark
might contain High Security, Medium Security, and Low Security profiles.
Selecting a profile should be based upon the risk of the systems being audited. Systems
containing customer credit card information are a greater threat to an organization if the data
is compromised than does a system used to create company newsletters.

Considerations for including systems in an audit

Audits can be designed for a specific computer system configuration, and McAfee Policy Auditor
allows you to include or exclude systems from an audit based on a number of system
characteristics.
McAfee Policy Auditor allows you to exclude one or more managed systems based on system
name, IP address, MAC address, or user name.
Including systems in an audit
McAfee Policy Auditor provides two methods for including systems in an audit.
The first method allows you to include managed systems by specifying System Tree and Tags:
Add System — A managed system as defined by system name, IP address, MAC address,
or user name
Add Group — A group defined in the ePO System Tree
Add Tag — Systems that have been tagged in the ePO System Tree, such as server,
workstation, or laptop.
The second method allows you to include managed systems by specifying Criteria. Criteria is
defined by selecting properties and using comparison operators and values to represent managed
systems. You can select one or more criteria.

Benchmark labels and how they are used

Labels classify a benchmark to aid in searches. Each benchmark can have multiple labels
assigned to it.
Labels can describe the programmatic use of a benchmark, such as applying a label of MNAC
to a benchmark designed for the McAfee Network Access System extension. Labels can also
describe the function of a benchmark, such as applying a label of SOX to a benchmark that
tests compliance with the Sarbanes-Oxley standard. Labels are applied with the
McAfee Benchmark Editor extension or are contained in McAfee-supplied benchmarks.
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6 41