Table of Contents
Advertisement
Appendix A: Implementing the Security Content
Automation Protocol
McAfee Policy Auditor version 6.0 uses the Security Content Automation Protocol (SCAP)
version 1.1. Security content conforming to the SCAP standard can be used by any product
supporting the standard and the results can be shared between these products.
SCAP is a collection of six open standards developed jointly by various United States government
organizations and the private sector. McAfee Policy Auditor uses the Security Content Automation
Protocol (SCAP) to perform automated audits, including policy compliance evaluations such as
the Federal Information Security Management Act (FISMA).
Contents
Statement of FDCC compliance
Statement of SCAP implementation
Statement of CVE implementation
Statement of CCE implementation
Statement of CPE implementation
Statement of CVSS implementation
Statement of XCCDF implementation
Statement of OVAL implementation
Statement of FDCC compliance
McAfee asserts that McAfee Policy Auditor version 6.0 does not alter or conflict with the Federal
Desktop Core Configuration (FDCC) settings on Microsoft Windows XP and Vista systems.
These ports are used by McAfee Policy Auditor version 6.0.
Setting
Agent-to-server communication
Agent wake-up communication
Agent broadcast communication
Console-to-application server
communication
Sensor-to-server communication
Security threats communication
SQL server TCP
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6
Port
80
8081
8082
8443
8444
8801
1443
Can be edited
No
Yes
Yes
Only during installation
Only during installation
Only during installation
Only during installation
87
Advertisement
Table of Contents
