Content
McAfee Policy Auditor
Integration + Innovation = Compliance Efficiency
Need reliable proof of compliance? Never fear. McAfee Policy Auditor was built from the ground up to automate the processes required for internal and external IT audits. Its proven agent, extensive support for content standards, and transparent integration with McAfee ePolicy Orchestrator® (ePO™) mean accurate, efficient audits, every time. So you can get back to managing risk, not paperwork.
Tab Navigation
Benefits and Features
Benefits:
- Simplify operations
Unify management of policy audits and endpoint security to eliminate manual steps and reduce effort and error - Reduce time to compliance
Run consolidated audits across both managed (agent-based) and unmanaged (agentless) systems - Prove compliance consistently
Leverage pre-built policy templates that map IT controls to policy, eliminating manual effort and demonstrating adherence to key industry mandates and internal governance policies - Eliminate need to purchase separate solution for file integrity monitoring
Leverage basic file integrity monitoring capabilities to meet key compliance requirements - Automate manual audits
Schedule automatic reports with up-to-date data, create custom dashboards and reports, and apply built-in waiver management to speed every step of compliance validation - Enforce compliance
Go beyond identifying problems and obtain continuous compliance by preventing unauthorized changes with McAfee Change Control. Prevent drift from policy with system level enforcement that blocks all unauthorized changes
Features:
- Predefined templates for industry regulation
Policy Auditor ships with a variety of templates including PCI DSS, SOX, GLBA, HIPAA, FISMA, and the best practice frameworks ISO 27001 and COBiT. - New standards in compliance validation
New standards in compliance validation McAfee Policy Auditor is Security Content Automation Protocol (SCAP) validated enabling agencies to comply with the Federal Desktop Core Configuration (FDCC) standard. - Unprecedented integration with ePO and Vulnerability Manager
The single ePO console lowers cost of ownership by consolidating endpoint security management and compliance management, easing agent deployment, management, and reporting. Integration with Vulnerability Manager enables organizations to consolidate agent and agentless audits. - Fast, automated import of industry benchmarks
Download benchmarks from authoritative sites, and, within minutes, view detailed security guidance can confirm regulatory compliance or design your own internal governance policies based on security community best practices - Continuous Audit Model and Blackout Window
Security and audit teams can set the frequency of data capture to support automated reports with accurate data. To prevent disruption to critical business applications, a blackout window lets IT operations block audit data capture during key business periods - Scripting Further Extends Policy Auditor capabilities
Organizations also have the ability to create rules from any scripting language supported by the system being audited to extend the check capabilities of Policy Agents further. Sample languages include VBScript, Batch files, Perl and Python.
Description:
If compliance mandates are intended to improve security, why do audits and endpoint policy management take so much time away from managing IT risk? Because myriad point processes and products result in ad hoc efforts and error.
McAfee offers an optimized alternative. Integration and innovation produce real ROI and significant productivity gains, while lowering fear of audits.
McAfee Policy Auditor is an agent-based, purpose-built IT audit solution that leverages the SCAP security standard to automate the processes required for internal and external IT audits. By mapping IT controls against pre-defined policy content, Policy Auditor helps you report consistently and accurately against a variety of compliance mandates, including PCI DSS, SOX, GLBA, HIPAA, FISMA, and the best practice frameworks ISO 27001 and COBiT, and you can download authoritative benchmark content in minutes.
Seamless integration with McAfee ePolicy Orchestrator® (ePO™) eases agent deployment, management, and reporting. The single ePO console lowers cost of ownership by consolidating endpoint security management and compliance management.
Organizations can run consolidated audits across both managed (agent-based) and unmanaged (agentless) systems. This not only cuts down on the effort needed to run audits but for the first time provides organizations with a single unified report across all assets.
Policy Auditor has been extended to provide robust file integrity monitoring capabilities, eliminating the need to purchase yet another security solution and deploy another agent. Organizations also have the ability to create rules from any scripting language supported by the system being audited to extend the check capabilities of Policy Agents further. Sample languages include VBScript, Batch files, Perl and Python.
A Continuous Audit Model automates the process of ensuring up-to-date data for audits and built in waivers support business processes.
Through innovation and integration, Policy Auditor targets operational processes to streamline every step of compliance validation. Find out how simple and fast proving compliance can be.
System Requirements:
Install McAfee Policy Auditor on a server or desktop class system, and place an agent on each host to be audited.
Server and console
- Free disk space: 1GB minimum (first-time installation); 1.5 GB minimum (upgrade); 2 GB recommended
- Memory: 1 GB RAM minimum (2–4 GB recommended)
- CPU: Pentium III-class 1.0 GHz or better (1.5 GHz or better, multi-processor or dual-core recommended)
- OS: Microsoft® Windows® 2000 SP4/Windows Server 2003 SP1/2 R2 (32-bit) only
McAfee agents
- Pentium-class, Celeron, or compatible processor
- Memory: 512 MB RAM minimum (1 GB recommended)
- Free disk space: 100MB
- OS: Windows 2000, XP, 2003, Vista, Linux Red Hat, Solaris, Macintosh, HPUX
Database software
- Microsoft SQL Server 2005, MSDE 2000, or SQL 2000
Remote console
- New web-based console only requires a web browser
Web browser
- Microsoft Internet Explorer 6.0 SP1 or later
