Policy Lifecycle Management

Assess risk, enforce policies, remediate vulnerabilities, and streamline audit tasks — automatically

Next Steps:

Overview

Most IT teams must not only meet internal corporate compliance requirements, but industry and government regulations, as well. If you face governance requirements and HIPAA, GLBA, PCI DSS, or other regulations, leverage the McAfee portfolio to ease your workload and automate processes. The McAfee Policy Lifecycle Management solution helps you define and measure effective policies and processes. We enable these activities with templates and best-practice content that are implemented with workflow and IT control technology to help you efficiently meet your compliance needs.

Multiple, overlapping regulations mean audits are increasing in frequency and detail. McAfee eliminates audit fatigue with innovative tools that integrate and automate tedious manual tasks to help you improve security, cut costs, and achieve compliance quickly. Policy Lifecycle Management helps connect your policies to centrally managed controls that interlock from the endpoint through the network. Wherever your sensitive data and systems reside, McAfee can help you meet your internal and external compliance requirements.

Key Benefits

  • Assess risks and prioritize remediation — automatically
    Calculate business risk and prioritize limited resources based on threats, vulnerabilities, assets, and existing countermeasures.
  • Adopt and adjust policies quickly and easily
    Choose relevant policies with predefined templates for such regulations as PCI, HIPAA, GLBA, and SOX, or auto-import industry benchmarks. Adjust these rules or create your own to support your interpretations of regulations.
  • Improve compliance assessment across your entire infrastructure
    Identify policy violations and vulnerabilities that leave you open to attack and data loss. Automatic scans look across your entire environment to find violations on systems — with or without an agent — and measure your compliance with prescribed IT technical controls.
  • Enjoy end-to-end policy enforcement
    Access the industry’s broadest coverage across policy requirements and interlocking endpoint, network, and cloud-based controls, including system and file integrity solutions for field systems. Tap the McAfee Security Innovation Alliance ecosystem for extended coverage.
  • Support international frameworks and standards
    Assess and map your controls against the best practices in such frameworks as ISO 17799 / 27002 and COBIT. Use McAfee support for open content protocols — including SCAP, XCCDF, and OVAL — to import authoritative policy definitions and integrate audit tools into your existing infrastructure.
  • Prove compliance with extensive, flexible reporting
    Demonstrate compliance to key stakeholders with custom reports that define, measure, and report on the compliance of information systems based on industry, regulatory, and corporate security policies, as well as standards and frameworks.
  • Stay ahead of emerging threats
    Get streaming downloads of the latest threat protections and vulnerability research from McAfee Labs, our Global Threat Intelligence team.

Products

Data Protection

McAfee Complete Data Protection — Advanced
McAfee Complete Data Protection — Advanced

McAfee Complete Data Protection — Advanced offers strong encryption, authentication, data loss prevention, and policy-driven security controls to help block unauthorized access to your sensitive information — anytime, anywhere.

Risk & Compliance

McAfee Total Protection for Compliance
McAfee Total Protection for Compliance

McAfee Total Protection for Compliance makes compliance easy with the industry’s first integrated solution for vulnerability management, compliance assessment and reporting, and comprehensive risk management.

McAfee Change Control
McAfee Change Control

McAfee Change Control enforces change policies and provides alerts to file integrity issues, while providing options to easily block unauthorized changes to critical system files and directories.

McAfee Policy Auditor
Mcafee Policy Auditor

McAfee Policy Auditor automates data gathering and assessment processes required for internal and external system-level IT audits.

McAfee Risk Advisor
McAfee Risk Advisor

McAfee Risk Advisor saves you time and money by proactively correlating threat, vulnerability, and countermeasure information to pinpoint at-risk assets and optimize patching efforts.

McAfee Vulnerability Manager
McAfee Vulnerability Manager

McAfee Vulnerability Manager finds and prioritizes vulnerabilities and policy violations on your network. It balances asset criticality with vulnerability severity, enabling you to focus protection on your most important assets.

Services

Data Loss Prevention Assessment

Detect and prevent the unauthorized transmission or disclosure of sensitive information. McAfee Strategic Security Services reduces your risk of exposure by identifying sensitive data copied or currently in transit from its original intended container.

Identity Theft Red Flags Rule Service

Meet compliance requirements and improve your organization’s overall security posture. McAfee Strategic Security Services experts help you implement an identity theft prevention program, analyzing data flow and risk, as well as developing policies for detecting, preventing, and mitigating identity theft.

Incident Management Check

Build a better, more effective incident response and management program. McAfee Strategic Security Services analyzes the gaps in your incident management program and offers recommendations to improve your emergency response protocol.

Payment Card Industry (PCI) Security Solutions

Meet PCI DSS requirements. McAfee Strategic Security Services’ PCI Security Solutions strengthen data security, ensuring you meet industry requirements.

Regulatory & Compliance Check

Meet information security compliance requirements. McAfee Strategic Security Services assesses gaps in your organization’s regulatory and compliance status and makes next-step recommendations.

Vulnerability Management Check

Assess your vulnerability management program. McAfee Strategic Security Services analyzes the gaps in your program to ensure you have the right balance of people, process, and technology.

Resources

Reports

Risk & Compliance Outlook 2012

In this global study, independent research firm Evalueserve examines the dynamic risk and compliance market, including the state of the industry, the challenges faced by enterprises, and emerging trends that will impact both consumers and vendors.

Community

Blogs

  • Shedding light on ‘Shadow IT’
    David Small - January 9, 2014

    BYOD, BYOA, BYOx. The IT industry is full of acronyms depicting its constant evolution and relationship with the professional world. First came the devices; employees saw the power of personal devices and insisted on using them in the workplace. And so the consumerisation of IT was born. After the devices came the apps. Companies reported […]

    The post Shedding light on ‘Shadow IT’ appeared first on McAfee.

  • Walking the Talk on Public-Private Partnerships
    Tom Gann - August 16, 2013

    There’s been a lot of talk about the value of public-private partnerships in moving the U.S. toward a more robust cyber security posture. And let’s be honest:  there’s also been a lot of private sector skepticism about how much the Administration really believed in the concept or how much they would do to make it […]

    The post Walking the Talk on Public-Private Partnerships appeared first on McAfee.

  • Five Factors That Make D.C. Region a Cybersecurity Hub
    Tom Gann - May 29, 2013

    McAfee is based in Silicon Valley, but we know there’s more to tech than California. We recently joined the National Institute of Standards and Technology to launch the National Cybersecurity Center of Excellence, a joint effort among high-tech business, federal, state and local government and local universities located in Rockville, Md. The goal of the […]

    The post Five Factors That Make D.C. Region a Cybersecurity Hub appeared first on McAfee.

  • Getting Assurance in a Time Constrained World
    McAfee - May 20, 2013

    Nothing is as frustrating as when something goes wrong, especially when you have time constraints.  NIST has just released Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations where a few notable items have been added to increase the confidence that security, practices, procedures and architectures of information systems […]

    The post Getting Assurance in a Time Constrained World appeared first on McAfee.

  • Response Now as Important as Prevention
    Leon Erlanger - February 24, 2012

    The National Institute of Standards and Technology (NIST) has updated its Computer Security Incident Handling Guide to take into account the increasingly dire state of cyber security. As anyone who has followed the rush of high-profile incursions over the past year knows, it’s looking less and less possible to prevent the inevitable attack, no matter […]

    The post Response Now as Important as Prevention appeared first on McAfee.