McAfee Policy Auditor

McAfee Policy Auditor

Reduce compliance cost by automating the IT audit process

Overview

By mapping IT controls against predefined policy content, McAfee Policy Auditor helps you report consistently and accurately against key industry mandates and internal policies across your infrastructure or on specific targeted systems. Policy Auditor is an agent-based IT audit solution that leverages the Security Content Automation Protocol (SCAP) to automate the processes required for internal and external IT audits.

Streamlined deployment and management — The McAfee ePolicy Orchestrator (ePO) platform provides easy Policy Auditor deployment, and simplified reporting and compliance management.

Flexible policy formation — Within minutes, Policy Auditor allows for the creation of new policies designed by you, set by corporate governance, or from authoritative sites such as Federal Desktop Core Configuration (FDCC). Real-time audits and controls for setting the frequency of data capture deliver timely information for compliance.

Predefined templates and controls — Policy Auditor comes with predefined benchmark templates and the ability to ensure protection of the business by employing blackout windows that halt data capture during key business periods.

Features & Benefits

Streamline proof of compliance

Use prebuilt policy templates that eliminate manual effort and demonstrate adherence to key industry mandates and internal governance policies, including PCI DSS, SOX, GLBA, HIPAA, FISMA, and the best-practice frameworks ISO 27001 and COBIT. Policy Auditor includes a purpose-built PCI dashboard that delivers a consolidated view of the state of compliance by PCI requirement/control.

Receive unprecedented integration with McAfee ePO and Vulnerability Manager

Use McAfee ePolicy Orchestrator (ePO) software to lower cost of ownership by consolidating endpoint security management and compliance management, easing agent deployment, administration, and reporting. Integration with McAfee Vulnerability Manager enables organizations to consolidate agent and agentless audits.

Get the latest standards in compliance validation

Keep updated on compliance standards. Security Content Automation Protocol (SCAP) validation by the National Institute of Standards and Technology (NIST) enables agencies to comply with the Federal Desktop Core Configuration (FDCC) standard.

Customize and extend Policy Auditor IT controls checking

Create rules from any scripting language supported by the system being audited to extend the check capabilities of Policy Auditor. Sample languages include VBScript, batch files, Perl, and Python.

Prevent disruption to critical business applications with blackout window

Set the frequency of data capture to support automated reports with accurate data. To prevent disruption to critical business applications, a blackout window lets IT operations block audit data capture during key business periods.

Get Fast, automated import of industry benchmarks

Download benchmarks from authoritative sites. Within minutes, view detailed security guidance to confirm regulatory compliance or design your own internal governance policies based on security community best practices.

System Requirements

Operating Systems

  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows XP Pro
  • Microsoft Windows 2000 (Advanced/Professional), 2003 (Enterprise/Standard), 2008
  • Microsoft Windows XP, 2003, 2008 R1
  • Red Hat Enterprise Linux 3.0
  • Red Hat Enterprise Linux (AS, ES, WS) 4.0, 5.0, 5.1
  • MAC OS X 10.4, 10.5
  • HP-UX (RISC) 11iv1, 11iv2
  • AIX (Power5, Power6) 5.3 TL8 SP5, 6.1 TL2 SP0

Demos / Tutorials

Demos

Use a single solution and achieve continuous compliance with McAfee Configuration Control.

Learn how McAfee Risk and Compliance products scan your entire network, providing complete visibility and ensuring proper protection.

Tutorials

For guidance on how to use this McAfee product, watch the Quick Tips video listed above.

Customer Stories

CSTISA

CSTISA uses McAfee ePolicy Orchestrator (ePO) software as a primary sales tool to sell McAfee Endpoint Protection solutions.

Highlights
  • Supports year-over-year scalability and business continuity
  • Helps build trust as an IT security advisor to customers
  • Provides expert service to customers, from sales and installation through ongoing support
  • Allows expansion into new markets, such as cloud security services

Intelsat

Intelsat trusts McAfee to protect user and network devices globally.

Highlights
  • Protected a diverse environment from internal and external threats, including the inherent risks of a fluctuating population of 250 to 500 contractors
  • Managed the entire server system with 1.5 full-time employees (FTEs)
  • Reduced solution cost by 75% over a la carte purchases from separate vendors
  • Standardized a security environment that previously required five vendors
  • Complied with regulations, including SOX, HIPAA, and Department of Defense (DoD)

James Tower

McAfee keeps James Tower secure and compliant with industry regulations.

Highlights
  • Reduced time required to push out the most current security and virus patches to minutes, rather than hours or days
  • Used to apply patches, updates, settings, and other security measures consistently across all systems
  • Dramatically reduced audit time as well as time to build and maintain servers
  • Provided fast, accurate profiling of all systems
  • Facilitated decision making through a centralized, consolidated dashboard and robust reporting

Scottrade

Scottrade partners with McAfee to secure customer data.

Highlights
  • Eliminated network vulnerabilities and protected customer information
  • Improved monitoring and control of workstations and servers via a single management console
  • Streamlined and accelerated security management and vulnerability assessment
  • Simplified deployment, patches, and upgrades
  • Helped Scottrade garner multiple awards for customer satisfaction and IT excellence

News / Events

Resources

Data Sheets

McAfee Policy Auditor Software

For a technical summary on the McAfee product listed above, please view the product data sheet.

Solution Briefs

Continuous Compliance Simplified

McAfee Configuration Control combines the advanced capabilities of McAfee Policy Auditor and McAfee Change Control to put you in command of your compliance requirements.

White Papers

The Case for Continuous Compliance

McAfee Configuration Control eliminates manual processes and point product integration, providing single-console control for meeting compliance requirements.

Community

Blogs

  • Shedding light on ‘Shadow IT’
    David Small - January 9, 2014

    BYOD, BYOA, BYOx. The IT industry is full of acronyms depicting its constant evolution and relationship with the professional world. First came the devices; employees saw the power of personal devices and insisted on using them in the workplace. And so the consumerisation of IT was born. After the devices came the apps. Companies reported […]

    The post Shedding light on ‘Shadow IT’ appeared first on McAfee.

  • Walking the Talk on Public-Private Partnerships
    Tom Gann - August 16, 2013

    There’s been a lot of talk about the value of public-private partnerships in moving the U.S. toward a more robust cyber security posture. And let’s be honest:  there’s also been a lot of private sector skepticism about how much the Administration really believed in the concept or how much they would do to make it […]

    The post Walking the Talk on Public-Private Partnerships appeared first on McAfee.

  • Five Factors That Make D.C. Region a Cybersecurity Hub
    Tom Gann - May 29, 2013

    McAfee is based in Silicon Valley, but we know there’s more to tech than California. We recently joined the National Institute of Standards and Technology to launch the National Cybersecurity Center of Excellence, a joint effort among high-tech business, federal, state and local government and local universities located in Rockville, Md. The goal of the […]

    The post Five Factors That Make D.C. Region a Cybersecurity Hub appeared first on McAfee.

  • Getting Assurance in a Time Constrained World
    McAfee - May 20, 2013

    Nothing is as frustrating as when something goes wrong, especially when you have time constraints.  NIST has just released Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations where a few notable items have been added to increase the confidence that security, practices, procedures and architectures of information systems […]

    The post Getting Assurance in a Time Constrained World appeared first on McAfee.

  • Response Now as Important as Prevention
    Leon Erlanger - February 24, 2012

    The National Institute of Standards and Technology (NIST) has updated its Computer Security Incident Handling Guide to take into account the increasingly dire state of cyber security. As anyone who has followed the rush of high-profile incursions over the past year knows, it’s looking less and less possible to prevent the inevitable attack, no matter […]

    The post Response Now as Important as Prevention appeared first on McAfee.