Statement Of Cvss Implementation; Statement Of Xccdf Implementation; Statement Of Oval Implementation - McAfee PASCDE-AB-IA - Policy Auditor For Servers Product Manual

Product guide

Appendix A: Implementing the Security Content Automation Protocol

Statement of CVSS implementation

McAfee Policy Auditor version 6.0 incorporates version 2.0 of the Common Vulnerability Scoring
System (CVSS). CVSS is a standardized open framework for measuring the impact of
vulnerabilities.
Each CVE includes an associated CVSS vector to determine the relative severity of vulnerabilities.
CVSS is built on a quantitative model that ensures repeatable measurements on systems, allows
valid comparisons between systems, and lets users view the underlying vulnerability
characteristics. Using CVSS scores helps an organization determine and prioritize responses
to detected vulnerabilities.
McAfee Policy Auditor supports all four standard SCAP scoring models:
Flat
Unweighted
Absolute
Default
The default setting for McAfee Policy Auditor is a flat unweighted scoring model normalized to
a maximum possible score of 100. The scoring model can be changed for comparison purposes.
Previous versions of McAfee Policy Auditor have been certified by Mitre as CVSS-Compatible.
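The effect of changing the scoring model, as an added example that is not taken from the McAfee guide: it computes the flat, flat unweighted and absolute XCCDF scores over the same rule results and normalizes to 100 as the default setting described above does. The rule ids, weights and function names are assumptions made for illustration, and the hierarchical default model is left out.

```python
# Added example: XCCDF flat, flat unweighted and absolute scoring.
# Rule ids, weights and results are constructed sample data.
from dataclasses import dataclass

# Results treated here as not counted, following the XCCDF scoring description.
NOT_SCORED = {"notselected", "notapplicable", "notchecked", "informational"}

@dataclass
class RuleResult:
    rule_id: str
    result: str          # pass, fail, error, unknown, notapplicable, ...
    weight: float = 1.0  # XCCDF rules default to a weight of 1.0

def flat(results, weighted=True):
    """Return (score, maximum) for the flat or flat unweighted model."""
    score = maximum = 0.0
    for r in results:
        if r.result in NOT_SCORED:
            continue                      # rule does not affect either total
        w = r.weight if weighted else 1.0  # unweighted: every rule counts as 1
        maximum += w
        if r.result == "pass":
            score += w
    return score, maximum

def normalized(score, maximum, scale=100.0):
    """Scale a raw score so that a fully compliant system gets `scale`."""
    return scale * score / maximum if maximum else 0.0

def absolute(results):
    """1 only when every counted rule passed, otherwise 0."""
    score, maximum = flat(results)
    return 1 if maximum and score == maximum else 0

SAMPLE = [  # constructed audit results for one system
    RuleResult("password-min-length", "pass", 1.0),
    RuleResult("ssh-root-login-disabled", "fail", 10.0),
    RuleResult("audit-logging-enabled", "pass", 2.0),
    RuleResult("telnet-service-removed", "notapplicable", 5.0),
    RuleResult("login-banner-set", "pass", 1.0),
]

if __name__ == "__main__":
    print("flat unweighted /100:", normalized(*flat(SAMPLE, weighted=False)))
    print("flat weighted   /100:", round(normalized(*flat(SAMPLE)), 1))
    print("absolute            :", absolute(SAMPLE))
```

The single heavily weighted failure barely moves the flat unweighted score but dominates the weighted one, which is why scores are only comparable between systems audited under the same model.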

Statement of XCCDF implementation

The eXtensible Configuration Checklist Description Format (XCCDF) is an XML specification
language that supports the exchange of information, generation of results, tailoring, automated
compliance testing, and compliance scoring. It also provides a data model and format for storing
results of benchmark compliance testing.
XCCDF provides a uniform standard for the expression of benchmarks and other configuration
guidance to encourage good security practices. McAfee Policy Auditor uses benchmarks from
McAfee or third-party sources to construct audits. Users can select the benchmark profile, if
any, to use for the audit. After a system is audited, the audit results are returned to McAfee Policy
Auditor, which analyzes and reports on the configuration and vulnerability data. The user can
specify how long audit data is retained so that they or auditors can review any changes in the
state of a system over time.
McAfee Policy Auditor version 6.0 implements version 1.1.4 of XCCDF. Previous versions of
McAfee Policy Auditor have been certified by Mitre as XCCDF-Compatible.

Statement of OVAL implementation

The Open Vulnerability and Assessment Language (OVAL) describes the ideal configuration
of systems, compares systems to the ideal configuration, and reports the test results. It provides
a structured model for network and system administrators to detect vulnerabilities and
configuration issues on systems.
McAfee Benchmark Editor uses the Checks interface to import and export OVAL definitions
and other formats supported by XCCDF. These checks can be filtered based on OVAL IDs,
platforms, or any other criteria set by the user. The Check Details interface displays a hyperlink
to specific OVAL IDs, which will display OVAL in XML format.
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6


This manual is also suitable for:

Policy auditor 6.0
