McAfee PASCDE-AB-IA - Policy Auditor For Servers Product Manual

Product guide

McAfee Policy Auditor 6.0 software
Product Guide for ePolicy Orchestrator 4.6

Summary of Contents for McAfee PASCDE-AB-IA - Policy Auditor For Servers

  • Page 1 McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6...
  • Page 2 SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
  • Page 3: Table Of Contents

    Install the McAfee Policy Auditor agent plug-in
  • Page 4 Manage McAfee Vulnerability Manager credential sets
  • Page 5 Create and apply a file integrity monitoring policy
  • Page 6 Save debug information
  • Page 8: Introducing McAfee Policy Auditor

    The system classifications that determine which functional components can be used. The functional components you can use to audit systems. This includes leveraging the software with McAfee Policy Auditor and other McAfee and third-party software...
  • Page 9: Finding Product Documentation

    Critical advice to prevent bodily harm when using a hardware product. Finding product documentation McAfee provides the information you need during each phase of product implementation, from installing to using and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
  • Page 10: Getting Started With McAfee Policy Auditor

    Use of ePolicy Orchestrator software features Managed systems vs. unmanaged systems Introduction to compliance audits Before using McAfee Policy Auditor, it is important to understand what audits are, when you should use them, and why you should use them. What are compliance audits? A compliance audit is a comprehensive review of an organization's adherence to external regulatory guidelines or internal best practices.
  • Page 11: Auditing Systems

    Scoring audits When you audit a system with McAfee Policy Auditor, it returns a score indicating how well the system complied with the audit. McAfee Policy Auditor supports the four scoring models described in the eXtensible Configuration Checklist Description Format (XCCDF) 1.1.4 specifications.
  • Page 12: Software Components And What They Do

    Policy Auditor — Handles policy and task management, audit schedules, and system management. McAfee Policy Auditor agent plug-in The McAfee Policy Auditor agent plug-in expands the ability of the McAfee Agent to support McAfee Policy Auditor. When audits are deployed to systems with the McAfee Agent, the agent plug-in determines when the audits should be run.
  • Page 13: Use Of ePolicy Orchestrator Software Features

    Installing the agent plug-in adds a product icon to the McAfee Agent system tray. In Windows environments, the product icon optionally displays a balloon tip to indicate the system is being audited.
  • Page 14: Managed Systems Vs. Unmanaged Systems

    Knowing how McAfee Policy Auditor classifies systems on your network is important for setting up and using the product, and for using its features. McAfee Policy Auditor uses two system classifications: Managed systems and unmanaged systems.
  • Page 15 Unmanaged systems can be audited by registering a McAfee Vulnerability Manager 6.8 or McAfee Vulnerability Manager 7.0 server with McAfee Policy Auditor. McAfee Vulnerability Manager performs the audits and returns the results to McAfee Policy Auditor. The primary advantage of unmanaged systems is that you can audit them without installing an agent.
  • Page 16: Configuring McAfee Policy Auditor

    McAfee Policy Auditor is configured from the ePolicy Orchestrator server. The server is the center of your security environment, providing a single location from which to administer system security throughout your network. Contents: Server settings and what they control...
  • Page 17 Audit score An audit score indicates how well a system conforms to the ideal settings specified in an audit. McAfee Policy Auditor allows you to change the scoring definitions to reflect your organization's determination of what constitutes a passed or failed audit.
  • Page 18: Edit McAfee Policy Auditor Server Settings

    Change the settings to the desired values, then click Save. How permission sets work When McAfee Policy Auditor is installed, it adds a permission group to each permission set. When you create a new permission set, the McAfee Policy Auditor permission group is added...
  • Page 19: Default Permission Sets

    Access to items within ePolicy Orchestrator is controlled by interactions between users, groups, and permission sets. For more information on how they interact, see How users, groups, and permission sets fit together in the McAfee ePolicy Orchestrator 4.6 Software Product Guide. Default permission sets McAfee Policy Auditor includes seven default permission sets that provide permissions for McAfee Policy Auditor and related applications.
  • Page 20 View and export benchmarks View and export checks Findings View findings Issue Management Create, edit, view, and purge assigned issues McAfee Policy Auditor View audits and assignments Grant and modify waivers
  • Page 21: Edit Permission Sets

    You can edit the default McAfee Policy Auditor permission sets or create your own. Before you begin You must be a global administrator to perform this task. Task For option definitions, click ? in the interface.
  • Page 22: Using The McAfee Policy Auditor Agent Plug-In

    Agent. It manages the schedule for performing audits, runs the audits, and returns the results to the server. You install the McAfee Agent and the agent plug-in on managed systems. This enables audits to be conducted even if a system is not connected to the network. Once the system reconnects to the network, it returns audit information to the server and receives updated content and schedules for future audits from the McAfee Policy Auditor server.
  • Page 23 Windows Server 2003 Enterprise Edition Native 32- and 64-bit agent Windows Vista Native 32- and 64-bit agent Windows 2008 Server Native 32- and 64-bit agent Windows 7 Native 32- and 64-bit agent
  • Page 24: How Content Is Managed

    The master repository is updated daily by a server task that is included with the software. If you want to update McAfee Policy Auditor on a different schedule, you can create a new server task. You must verify that the task is enabled.
  • Page 25: Uninstall The Agent Plug-In

    Uninstall the McAfee Policy Auditor agent plug-in from systems on your network if you do not want them to be managed by McAfee Policy Auditor content. This is useful when you want to convert a managed system to an unmanaged system and reduce the load on system resources.
  • Page 26: Display The System Tray Icon On Windows Systems

    Before you begin Before sending the agent wake-up call to a group, make sure that wake-up support for the systems’ groups is enabled and applied on the General tab of the McAfee Agent policy pages. This is enabled by default.
  • Page 27: Configuring Agentless Audits

    McAfee Policy Auditor can register a McAfee Vulnerability Manager 6.8 or 7.0 (formerly Foundstone) server to conduct agentless audits. Agentless audits allow you to audit systems that do not have the McAfee Policy Auditor agent plug-in installed. McAfee Vulnerability Manager searches for systems using a Host Name or IP range, adds them to the System Tree, and conducts agentless audits.
  • Page 28: McAfee Vulnerability Manager Extension Integration With Scannable Systems

    McAfee Vulnerability Manager can only audit systems that have a Foundstone ID. The association between a system and a Foundstone ID is established when a system is imported from McAfee Vulnerability Manager and added to the System Tree.
  • Page 29: The Data Import Server Task

    McAfee Policy Auditor. Synchronize information between McAfee Vulnerability Manager and McAfee Policy Auditor. For example, if you add or delete an audit from McAfee Vulnerability Manager, the task will add or delete an audit from McAfee Policy Auditor.
  • Page 30: Create A McAfee Vulnerability Manager Workgroup

    Create a McAfee Vulnerability Manager workgroup and administrator for your McAfee Policy Auditor administrator and users. McAfee recommends that you give the McAfee Policy Auditor administrator only the access of a McAfee Vulnerability Manager workgroup administrator, not full access of an organization administrator.
  • Page 31: Create A Data Source To Synchronize McAfee Vulnerability Manager And ePolicy Orchestrator

    This avoids duplication by ensuring that systems and other assets from a McAfee Vulnerability Manager Discovery Scan are matched to ePolicy Orchestrator server-managed assets. You can also set up a data source from the McAfee Vulnerability Manager interface. See the McAfee Vulnerability Manager documentation for details on how to do this. Task For option definitions, click ? in the interface.
  • Page 32: Register A McAfee Vulnerability Manager Database Server With McAfee Policy Auditor

    McAfee Vulnerability Manager database server. The user name for Windows authentication must include the domain (domain\user). Select SQL authentication to enter a SQL user name and password to access the McAfee Vulnerability Manager Database server. Click Test Connection to determine whether the ePolicy Orchestrator server can connect to the McAfee Vulnerability Manager database.
  • Page 33: Manage McAfee Vulnerability Manager Credential Sets

    You can create, edit, and delete credential sets for systems managed by McAfee Vulnerability Manager. Credential sets grant McAfee Vulnerability Manager access to systems and, depending on the operating system, may use Windows authentication or a user name with password.
  • Page 34: Create An MVM Data Import Task

    Add after specifying each credential. Click Next. The Reports tab appears. Deselect Create remediation tickets. The Scheduler tab appears. 10 Select a Schedule Type. McAfee recommends that you select the Immediate option the first time you run this scan. Once McAfee Vulnerability Manager has had the opportunity to scan all assets, you can edit the scan to occur at regular intervals.
  • Page 35: Add Systems Found By McAfee Vulnerability Manager Scans To The System Tree

    You can add systems discovered during a McAfee Vulnerability Manager scan to the ePolicy Orchestrator server System Tree. To use systems discovered by a McAfee Vulnerability Manager scan in McAfee Vulnerability Manager, the user must import the systems into the ePolicy Orchestrator server and make them available through the System Tree.
  • Page 36: View McAfee Vulnerability Manager Scan Status

    You can view the status and results of McAfee Vulnerability Manager scans. The Asset Discovery Scan needs to finish running before you add assets to the ePolicy Orchestrator System Tree. Task For option definitions, click ? in the interface.
  • Page 37: Troubleshoot Missing Audit Results

    If systems are not being audited because they are disconnected from the network, you can run the scan and server tasks more frequently or convert them to managed systems by installing the McAfee Policy Auditor agent plug-in. A managed system audits itself and returns the results once it is reconnected to the network.
  • Page 38: Troubleshoot Mismatched McAfee Vulnerability Manager Certificates

    Use this task to re-establish or change SSL communication between McAfee Policy Auditor and a McAfee Vulnerability Manager server. Task For option definitions, click ? in the interface.
  • Page 39: Creating And Managing Audits

    Creating and managing audits McAfee Policy Auditor allows you to create audits based on benchmarks and assign them to run on systems. You can create audits from a McAfee-supplied selection of predefined benchmarks established by government and industry such as SOX, HIPAA, PCI, and FISMA. You can also create audits based on third-party benchmarks or benchmarks that you create yourself.
  • Page 40: Audit Frequency

    When content is updated, the audit runs during the next whiteout period. Per audit data maintenance McAfee Policy Auditor provides per audit data maintenance. This lets you control, at the individual audit level, what information to retain and how long to retain it.
  • Page 41: Benchmark Profiles And Their Effect On Audits

    McAfee Policy Auditor allows you to exclude one or more managed systems based on system name, IP address, MAC address, or user name.
  • Page 42: Findings

    6 characters, the Findings show the actual and expected results. Since it is possible to create a check that reports thousands of violations, McAfee Policy Auditor allows you to set a violation limit that reduces the number of violations that can be displayed to conserve database resources.
  • Page 43: Create An Audit

    In the Active Benchmarks pane, select one or more benchmarks and click Add Benchmark to add them to your audit. McAfee recommends that you use only one benchmark per audit. Choose a profile for your audit: in Selected Benchmarks, select the profile from the Selected Profile drop-down list, then click Next.
  • Page 44: Disable An Audit

    You can disable an existing audit. When an audit is disabled, McAfee Policy Auditor continues to purge information according to the schedule you have set. The audit will not run until you re-enable it.
  • Page 45: Service Level Agreements

    For option definitions, click ? in the interface. Click Menu | Systems | System Tree and select the Assigned Policies tab. Select McAfee Policy Auditor Agent 6.0.0 from the Product drop-down list. Under the Actions column, click edit assignments. The Policy Assignment page appears.
  • Page 46: How Viewing Audit Results Works

    Delete the Service Level Agreement How viewing audit results works McAfee Policy Auditor software offers a number of options for viewing audit results. Several options are available for viewing system and rule compliance. You can view audit results by clicking an audit from the Audits page.
  • Page 47: Exporting Audits And Audit Results

    Export an audit to a file that conforms to the XCCDF results schema. Actions | Export OVAL Export an audit to a file that conforms to the OVAL results schema.
  • Page 48 The File Download dialog box appears. Click Save. The Save As dialog box appears. Give the export ZIP file an appropriate name and click Save.
  • Page 49: Scoring Audits

    Despite the name of the scoring model, McAfee Policy Auditor does not use this model for its preconfigured scoring model. Instead, the software uses a normalized version of the flat unweighted scoring model that makes it easier to compare audit scores.
  • Page 50: Flat Unweighted Scoring Model

    Flat unweighted scoring model The flat unweighted scoring model computes the score (the number of rules that passed) and compares it against the maximum possible score. McAfee Policy Auditor is preconfigured to use a normalized implementation of the flat-unweighted score model.
  • Page 51: Absolute Scoring Model

    Changing the scoring model You can change the scoring model that McAfee Policy Auditor uses when reporting audit results. When you change the scoring model, the software recalculates the scores to reflect the selected model.
  • Page 52: Managing Audit Waivers

    Deleting waivers Types of waivers McAfee Policy Auditor provides three types of audit waivers that apply to selected systems. Each type of waiver affects scoring results differently: Exception waiver — Forces the audit results of a selected benchmark rule to have a result of pass.
  • Page 53: Exception Waivers

    They can be backdated. Scores for results collected during the backdate timeframe are recalculated. For example, McAfee Policy Auditor audits a system with a benchmark that contains five rules. Four rules pass and one fails, resulting in a score of 80%. If the rule that failed is granted an exception waiver, all five rules are considered to have passed and the score is 100%.
  • Page 54: Waiver Status

    April 1, 2013 is not affected by the waiver. Examples of filtering waivers by date When you filter waivers by date, McAfee Policy Auditor shows waiver status as of the selected date. The status may change according to the date you select for filtering.
  • Page 55: Filtering Waivers By Date

    The Waivers tab shows the status of each waiver as of the selected date. Filtering waivers by group McAfee Policy Auditor allows you to filter waivers by the group selected in the System Tree. Before you begin You must have a group with a subgroup that contains waivers.
  • Page 56: How Waiver Requests And Grants Work

    How waiver requests and grants work McAfee Policy Auditor software shows waivers on the Waivers page when a user with the proper permissions grants approval for the waiver to take effect. Depending upon the internal security policies of your organization, the users who request waivers and the users who grant them can be different.
  • Page 57: Granting Waivers

    Click Expire Waiver. The waiver has a status of Expired. Deleting waivers You can delete a waiver before it takes effect. You can only delete waivers with a status of Upcoming.
  • Page 58 Click Menu | Risk & Compliance | Waivers. The Waivers tab appears. Select a waiver with a status of Upcoming and click View. Click Delete Waiver. The deleted waiver no longer appears on the Waivers tab.
  • Page 59: File Integrity Monitoring And Entitlement Reporting

    The software monitors files on managed systems only. You must install the McAfee Agent and the agent plug-in on systems that you monitor. When a file is scanned, the agent plug-in returns an event to the McAfee Policy Auditor server. The event is encrypted and compressed to save disk space and bandwidth.
  • Page 60: File Information Monitored

    Orchestrator software. McAfee Policy Auditor software monitors the MD5 and SHA-1 hashes of a file as well as the file attributes and permissions information. These values are stored in a database that is created on each system and on the software server.
  • Page 61: File Versioning

    Config paths and files in a similar manner. File validation McAfee Policy Auditor does not validate the existence of files. It ignores paths or files that do not exist. File versioning McAfee Policy Auditor allows you to store up to six versions, including the file baseline, of text files from managed systems.
  • Page 62: File Version Comparison

    Entitlement reporting informs you of changes to user and group rights to files. Changes to a file's access permissions entitlement generate an event notifying you of the change.
  • Page 63: Create And Apply A File Integrity Monitoring Policy

    Create a policy to monitor file integrity, file entitlement, and version changes. Before you begin You must install the McAfee Policy Auditor agent plug-in on all systems that are to be monitored. For instructions on how to do this, see Managing the McAfee Policy Auditor agent plug-in.
  • Page 64 File name — Type a file that you want to exclude from monitoring. This is useful when you use wildcard characters for monitored files. Edit Change the configuration of the selected file.
  • Page 65: Apply A Policy To Systems

    Lock or unlock policy inheritance based on your needs. If you lock inheritance, you will not be able to create a new policy based upon this policy that breaks inheritance. McAfee recommends that you unlock policy inheritance for file integrity monitoring policies. Click Save.
  • Page 66: Accept File Integrity Monitoring Events

    Sets the number of lines to show surrounding lines from the empty, deleted, inserted, or modified lines in File 2. Accept file integrity monitoring events McAfee Policy Auditor generates events when monitored files change. You can accept events and automatically create a new file baseline. Task For option definitions, click ? in the interface.
  • Page 67: Create A New File Integrity Monitoring Baseline

    Click Yes. Query reports for file integrity monitoring McAfee Policy Auditor software provides four built-in query reports for file integrity monitoring. Each report provides information on events and allows you to drill down to see detailed information. The query reports also allow you to accept or purge events and to compare file versions if file versioning is enabled.
  • Page 68: Rollup Reporting

    Rollup reporting You can run queries that report on summary data from multiple ePolicy Orchestrator databases. McAfee Policy Auditor can use this feature to create rollup reports for audit results. Contents Rollup capabilities Rollup reporting considerations Rollup server tasks Rollup reports...
  • Page 69: Rollup Server Tasks

    McAfee Policy Auditor includes three predefined server tasks to provide rollup reporting. The tasks are disabled by default. The tasks can roll up information to provide a meaningful view of audit results from multiple servers.
  • Page 70: Rollup Data - PA: Audit Rule Result

    Group Text Rollup Purge No purging Purge all Filter (none available) Rollup method Incremental Full Group Tree Rollup Purge No purging Purge all Filter (none available) Rollup method Incremental Full
  • Page 71: Rollup Data - PA: Audit Patch Check Result

    Full Rollup reports McAfee Policy Auditor comes with a number of predefined rollup reports. You can use these reports or use them as starting points to create new reports to fit your organizational needs.
  • Page 72: Configure Rollup Reporting

    For option definitions, click ? in the interface. Set up your servers according to the Multi-server rollup querying section in your ePolicy Orchestrator Product Guide. Register each server with the reporting server.
  • Page 73 Rollup Data - PA: Audit Rule Result Rollup Data - PA: Audit Patch Check Result Configure and enable the Roll Up Data (Local ePO Server) server task on the reporting server.
  • Page 74: Findings

    Findings appear in interface pages and queries and include additional information about why a system failed a check. The software is installed as a separate extension called Findings and is exposed to McAfee and third-party applications through a Java API. This allows other applications to: Report additional details about Findings.
  • Page 75: Violation Limit

    For some checks, failure can result in many violations. To save processing time, bandwidth, and disk space, McAfee Policy Auditor provides a violation limit that allows you to cap the number of violations shown. The violation limit sets the maximum number of violations that are created for a specific check.
  • Page 76 To do this... Actions | Hide Findings Hide Findings in reports for the check in this audit. Actions | Unhide Findings Show Findings in reports for the check in this audit.
  • Page 77: Dashboards And Queries

    MyAvert Security Threats, that is refreshed at a user-configured interval. You can create your own dashboards from query results or use the McAfee Policy Auditor default dashboards. Users must have the appropriate permissions to use and create dashboards.
  • Page 78 PA: File Entitlement — Displays File Entitlement information for each file monitored for entitlement changes. PA: File Integrity - All Events — Displays a count of the File Integrity Events grouped by the baseline date.
  • Page 79 PA: Unprocessed Audit Results By System — Pie chart of unprocessed audit results grouped by system. PA: Unprocessed Finding Results — List of unprocessed finding results. PA: Unprocessed Finding Results By System — Pie chart of unprocessed finding results grouped by system.
  • Page 80: PA: Compliance Summary Dashboard

    PA: Operations The Operations dashboard is a set of monitors providing a high-level overview of information about the database, unprocessed audit results, unprocessed findings results and agent events.
  • Page 81: PA: PCI Summary

    PA: Unprocessed Finding Results by Audit — Displays unprocessed finding results grouped by audit. PA: Agent Events Grouped by Event Type — Displays events reported by McAfee Policy Auditor agent plug-in grouped by the event type. PA: Table Space Usage — Displays the space used by each table in the ePolicy Orchestrator database.
  • Page 82: Queries As Dashboard Monitors

    Use any chart-based query as a dashboard that is refreshed at a user-configured frequency, so you can use your most useful queries on a live dashboard.
  • Page 83: Policy Auditor Agent Plug-In Debug Tool

    Type the appropriate command to execute the program. Command and description: enginemain.exe -u opens the graphical version of the tool on Windows systems; enginemain -n opens the interactive console version of the tool on all supported systems.
  • Page 84: Display Help

    auList. A list of audits and their ID appears. Enter auRun <ID>, where <ID> is the audit ID. The audit results are saved to the results file specified in step 1.
  • Page 85: Run A Benchmark

    OK to save the results file. Interactive: Enter resultFile <filename> to specify the path and name of the audit results file. Example: resultFile c:\test\results.xml
  • Page 86: Save Debug Information

    In the dialog box, type a filename and location to save the ZIP file, then click... Interactive: Enter saveDebug. The file is saved in the agent plug-in folder.
  • Page 87: Appendix A: Implementing The Security Content Automation Protocol

    Statement of OVAL implementation Statement of FDCC compliance McAfee asserts that McAfee Policy Auditor version 6.0 does not alter or conflict with the Federal Desktop Core Configuration (FDCC) settings on Microsoft Windows XP and Vista systems. These ports are used by McAfee Policy Auditor version 6.0.
  • Page 88: Statement Of SCAP Implementation

    Configuration Checklist Description Format (XCCDF) Open Vulnerability and Assessment Language (OVAL) McAfee Policy Auditor version 6.0 is compliant with SCAP 1.1 and provides the ability to detect and assess thousands of systems from a McAfee Policy Auditor server. This standardization allows regulatory authorities and security administrators to construct definitive security guidance and to compare results reliably and repeatedly.
  • Page 89: Statement Of CCE Implementation

    (CPE) standard. CPE provides a standard reference and notation method for information technology systems, platforms, and packages. McAfee Policy Auditor contains the CPE data dictionary in the database with some of it in aggregated format to promote ease of use. Information from this dictionary drives various aspects of the McAfee Policy Auditor interface.
  • Page 90: Statement Of CVSS Implementation

    McAfee or third-party sources to construct audits. Users can select the benchmark profile, if any, to use for the audit. After a system is audited, the audit results are returned to McAfee Policy Auditor, which analyzes and reports on the configuration and vulnerability data. The user can specify how long audit data is retained so that they or auditors can review any changes in the state of a system over time.
  • Page 91 XCCDF benchmarks contained in the audit. The OVAL content captures the state of the system at the particular point in time that the audit is run. The results are returned to McAfee Policy Auditor for analysis and reporting. The user specifies how long audit data is to be retained so that they or auditors can review any changes in the state of a system over time.
  • Page 92: Appendix B: Common Criteria Requirements

    Encryption All packages created and distributed by McAfee are signed with a key pair using the DSA (Digital Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES encryption. A key is used to encrypt or decrypt sensitive data.
  • Page 93 IT security. Intrusion prevention system McAfee Host Intrusion Prevention System software is a preemptive approach to host and network security used to identify and quickly respond to potential threats. McAfee Host Intrusion Prevention System monitors individual host and network traffic. However, because an attacker might carry out an attack immediately after gaining access, McAfee Host Intrusion Prevention System can also take immediate action as preset by the network administrator.
  • Page 94 62, flat unweighted scoring model expiration date, Policy Auditor waivers baseline, file integrity monitoring FDCC compliance benchmark profiles file integrity monitoring effect on system audits accept events 62,
  • Page 95 Rollup Data - PA: Audit Rule Result use in audits rollup reporting considerations OVAL implementation rollup server tasks Policy Auditor, waivers deleting exception waivers per audit data maintenance
  • Page 96 XCCDF implementation create a Vulnerability Manager Workgroup SCAP implementation credential sets, managing scoring audits, Policy Auditor import Asset Discovery Scan results absolute scoring model integration with Policy Auditor 27,
  • Page 97 SCAP 1.1 filtering by group filtering by status granting 56, making waivers expire XCCDF requesting export audit results start date XCCDF implementation status
  • Page 98 Index

This manual is also suitable for:

Policy auditor 6.0
