Home » McAfee Manuals » Computer Software » McAfee PASCDE-AB-IA » Manual Viewer

McAfee PASCDE-AB-IA Product Guide - Page 89

Statement of CCE implementation, Statement of CPE implementation

View all McAfee PASCDE-AB-IA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

Appendix A: Implementing the Security Content Automation Protocol Statement of CCE implementation McAfee Policy Auditor patch and vulnerability definitions are updated periodically when new content is available. The audit results can be viewed from the Audits, Reports, or Dashboard user interfaces. CVE information is accessible from the Checks interface, which displays details of Common Vulnerabilities. Users have the ability to view even more detailed CVE information from the Check Details page, which displays the Source, ID, and URL. For example, the URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2122 refers the user to the Mitre site to view details about CVE-2005-2122. The security content provided by McAfee refers to CVE identifiers when addressing vulnerabilities and whether a vendor's patch has been applied to address the vulnerability. Previous versions of McAfee Policy Auditor have been certified by Mitre as CVE-Compatible. Statement of CCE implementation CCE provides a standard system for identifying and referencing system configuration settings. CCE identifies the configuration itself, not the means by which that configuration was reached. CCE encourages interoperability, improves the correlation of test results, and simplifies gathering metrics. McAfee Policy Auditor includes CCE references in the checks content. The Checks tab lists all the checks available to users. Clicking on a check with CCE content lists CCE references that identify the CCE system configuration settings. McAfee Policy Auditor version 6.0 incorporates and supports version 5.0 of the Common Configuration Enumeration (CCE) standard. Previous versions of McAfee Policy Auditor have been certified by Mitre as CCE-Compatible. Statement of CPE implementation McAfee Policy Auditor version 6.0 implements version 2.1 of the Common Platform Enumeration (CPE) standard. CPE provides a standard reference and notation method for information technology systems, platforms, and packages. McAfee Policy Auditor contains the CPE data dictionary in the database with some of it in aggregated format to promote ease of use. Information from this dictionary drives various aspects of the McAfee Policy Auditor interface. McAfee Policy Auditor associates OVAL definitions with CPE Names and allows users to specify CPE names at the benchmark, group, profile, or rule level. McAfee Policy Auditor users can create audits with SCAP content that cover a number of common operating systems and platforms. When CPE platforms are specified, McAfee Policy Auditor uses this information to determine whether it should evaluate compliance with a rule or group of rules. For example, an audit can cover both Windows XP and Windows Vista operating systems but not the Windows 2000 operating system. CPE allows McAfee Policy Auditor to use the correct content on the correct systems. Previous versions of McAfee Policy Auditor have been certified by Mitre as CPE-Compatible. McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6 89

Section	Page
Contents	3
Introducing McAfee Policy Auditor	8
Audience	8
Conventions	8
Finding product documentation	9
Getting started with McAfee Policy Auditor	10
Introduction to compliance audits	10
Auditing systems	11
What's new	11
Software components and what they do	12
Use of ePolicy Orchestrator software features	13
Managed systems vs. unmanaged systems	14
Configuring McAfee Policy Auditor	16
Server settings and what they control	16
Edit McAfee Policy Auditor server settings	18
How permission sets work	18
Default permission sets	19
Edit permission sets	21
Using the McAfee Policy Auditor agent plug-in	22
The agent plug-in and how it works	22
Supported platforms	22
How content is managed	24
Install and uninstall the agent plug-in	24
Install the McAfee Policy Auditor agent plug-in	24
Uninstall the agent plug-in	25
Send a manual wake-up call to a group of systems	25
Display the system tray icon on Windows systems	26
Configuring agentless audits	27
How McAfee Policy Auditor integrates with the McAfee Vulnerability Manager extension	27
Uniform system management	27
McAfee Vulnerability Manager extension integration with scannable systems	28
Asset Discovery scans	28
Data collection scans	28
The Maintain Foundstone Audits server task	28
The Data Import server task	29
Server support	29
Configure McAfee Vulnerability Manager and the ePolicy Orchestrator extension	29
Create a McAfee Vulnerability Manager workgroup	30
Configure the McAfee Vulnerability Manager single sign-on feature	30
Create a data source to synchronize McAfee Vulnerability Manager and ePolicy Orchestrator	31
Register a McAfee Vulnerability Manager database server with McAfee Policy Auditor	32
Manage McAfee Vulnerability Manager credential sets	33
Create an Asset Discovery scan	33
Create an MVM Data Import task	34
Add systems found by McAfee Vulnerability Manager scans to the System Tree	35
Create a Data Collection Scan	35
View McAfee Vulnerability Manager scan status	36
How to handle missing audit results	36
Troubleshoot missing audit results	37
How to handle mismatched McAfee Vulnerability Manager certificates	37
Troubleshoot mismatched McAfee Vulnerability Manager certificates	38
Creating and managing audits	39
Audits and how they work	39
Audit frequency	40
When audits are run	40
Per audit data maintenance	40
Benchmark profiles and their effect on audits	41
Considerations for including systems in an audit	41
Benchmark labels and how they are used	41
Findings	42
Agentless audits	42
Activate benchmarks	42
Create an audit	43
Run an audit manually	43
Disable an audit	44
Delete audits	44
Audit whiteout and blackout periods	44
Set whiteout and blackout periods	44
Service Level Agreements	45
Create, edit, and delete Service Level Agreements	45
How viewing audit results works	46
Exporting audits and audit results	47
Export audits	47
Scoring Audits	49
Default scoring model	49
Flat unweighted scoring model	50
Flat scoring model	50
Absolute scoring model	51
Changing the scoring model	51
Managing Audit Waivers	52
Types of waivers	52
Exception waivers	53
Exemption waivers	53
Suppression waivers	53
Waiver status	54
Filtering waivers by status	54
How start and expiration dates work	54
Examples of filtering waivers by date	54
Filtering waivers by date	55
Filtering waivers by group	55
How waiver requests and grants work	56
Requesting waivers	56
Granting waivers	57
Making waivers expire	57
Deleting waivers	57
File Integrity Monitoring and entitlement reporting	59
How file integrity monitoring works	59
File information monitored	60
File baselines	60
Monitored and excluded files	60
File versioning	61
File version comparison	62
Accept file integrity monitoring events	62
Purge file integrity monitoring events	62
Entitlement reporting	62
Create and apply a file integrity monitoring policy	63
Create a file integrity monitoring policy	63
Apply a policy to systems	65
Compare file versions	65
Accept file integrity monitoring events	66
Purge file integrity monitoring events	66
Create a new file integrity monitoring baseline	67
Query reports for file integrity monitoring	67
Rollup reporting	68
Rollup capabilities	68
Rollup reporting considerations	68
Rollup server tasks	69
Rollup Data - PA: Audit Benchmark Results	69
Rollup Data - PA: Audit Rule Result	70
Rollup Data - PA: Audit Patch Check Result	71
Rollup reports	71
Configure rollup reporting	72
Findings	74
How findings work	74
Types of violations	74
Violation limit	75
Other Findings enhancements	75
Hide or unhide Findings results	75
Dashboards and Queries	77
Policy Auditor default dashboards	77
PA: Compliance Summary dashboard	80
PA: MS Patch Status Summary dashboard	80
PA: Operations	80
PA: PCI Summary	81
Queries as dashboard monitors	82
Policy Auditor agent plug-in debug tool	83
Execute the agent plug-in debug tool	83
Display help	84
Run an audit	84
Run a benchmark	85
Run a check	85
Save debug information	86
Appendix A: Implementing the Security Content Automation Protocol	87
Statement of FDCC compliance	87
Statement of SCAP implementation	88
Statement of CVE implementation	88
Statement of CCE implementation	89
Statement of CPE implementation	89
Statement of CVSS implementation	90
Statement of XCCDF implementation	90
Statement of OVAL implementation	90
Appendix B: Common Criteria requirements	92

Match case Limit results 1 per page

McAfee Policy Auditor patch and vulnerability definitions are updated periodically when new

content is available.The audit results can be viewed from the Audits, Reports, or Dashboard

user interfaces.

CVE information is accessible from the Checks interface, which displays details of Common

Vulnerabilities. Users have the ability to view even more detailed CVE information from the

Check Details page, which displays the Source, ID, and URL. For example, the URL

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2122

refers the user to the Mitre site to

view details about CVE-2005-2122.The security content provided by McAfee refers to CVE

identifiers when addressing vulnerabilities and whether a vendor's patch has been applied to

address the vulnerability.

Previous versions of McAfee Policy Auditor have been certified by Mitre as CVE-Compatible.

Statement of CCE implementation

CCE provides a standard system for identifying and referencing system configuration settings.

CCE identifies the configuration itself, not the means by which that configuration was reached.

CCE encourages interoperability, improves the correlation of test results, and simplifies gathering

metrics.

McAfee Policy Auditor includes CCE references in the checks content.The Checks tab lists all

the checks available to users. Clicking on a check with CCE content lists CCE references that

identify the CCE system configuration settings.

McAfee Policy Auditor version 6.0 incorporates and supports version 5.0 of the Common

Configuration Enumeration (CCE) standard. Previous versions of McAfee Policy Auditor have

been certified by Mitre as CCE-Compatible.

Statement of CPE implementation

McAfee Policy Auditor version 6.0 implements version 2.1 of the Common Platform Enumeration

(CPE) standard. CPE provides a standard reference and notation method for information

technology systems, platforms, and packages.

McAfee Policy Auditor contains the CPE data dictionary in the database with some of it in

aggregated format to promote ease of use. Information from this dictionary drives various aspects

of the McAfee Policy Auditor interface.McAfee Policy Auditor associates OVAL definitions with

CPE Names and allows users to specify CPE names at the benchmark, group, profile, or rule

level.McAfee Policy Auditor users can create audits with SCAP content that cover a number

of common operating systems and platforms.

When CPE platforms are specified, McAfee Policy Auditor uses this information to determine

whether it should evaluate compliance with a rule or group of rules. For example, an audit can

cover both Windows XP and Windows Vista operating systems but not the Windows 2000

operating system. CPE allows McAfee Policy Auditor to use the correct content on the correct

systems.

Previous versions of McAfee Policy Auditor have been certified by Mitre as CPE-Compatible.

Appendix A: Implementing the Security Content Automation Protocol

Statement of CCE implementation

McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6