McAfee EPOLICY ORCHESTRATOR 4.0.2 - Podręcznik Użytkownika Strona 20
- Strona / 96
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
Statement of CVE Implementation
McAfee Policy Auditor 5.0 fully implements and supports the Common Vulnerabilities and
Exposures (CVE) standard vulnerability dictionary. CVE provides unique, standardized identifiers
for security vulnerabilities. CVE does not address compliance items — only vulnerability issues.
Each CVE identifier consists of a CVE identifier number, such as CVE-2008-0042; an indication
of whether the CVE has a status of "entry" or "candidate;" a description of the vulnerability;
and any references, such as advisories or OVAL identification.
The security content provided by McAfee refers to CVE identifiers when addressing vulnerabilities
and whether a vendor's patch has been applied to address the vulnerability. Policy Auditor
Statement of CCE Implementation
McAfee Policy Auditor 5.0 fully implements and supports the Common Configuration Enumeration
(CCE) standard.
While CVE identifies vulnerabilities, CCE uniquely identifies security-related configuration issues
in a standard manner. CCE is designed to support software-based configurations, not hardware
configurations. Further, if there are several ways to set a configuration, such as password
length, CCE concentrates on the configuration itself, not the means by which that configuration
was achieved.
CCE references in SCAP content allow Policy Auditor to compare configurations across systems
and across single systems over a user-definable period of time.
Statement of CPE Implementation
McAfee Policy Auditor 5.0 fully implements the Common Platform Enumeration (CPE) standard.
CPE provides a standard reference and notation method to software and operating systems.
For example, Windows XP is is a structured naming scheme that is based upon the generic
syntax for Uniform Resource Identifiers (URI). CPE provides the following:
• formal name format
• language for describing complex platforms
• method for checking names against a system
• description format for binding text and tests to a name
Policy Auditor allows uses to create audits with SCAP content that covers a number of common
Operating Systems and platforms. For example, an audit may cover both Windows XP and
Windows Vista operating systems. By using CPE, Policy Auditor is able to use the correct SCAP
content on the correct system.
Statement of CVSS Implementation
McAfee Policy Auditor 5.0 fully implements the Common Vulnerability Scoring System (CVSS).
CVSS is a standardized open framework for measuring the impact of vulnerabilities. Each CVE
includes an associated CVSS vector for use in determining the relative severity of vulnerabilities.
CVSS is built upon a quantitative model that ensures repeatable measurements on systems,
valid comparisons between systems, and allows users to view the underlying vulnerability
Complying with SCAP
Statement of CVE Implementation
McAfee Policy Auditor 5.0 Product Guide20
- McAfee Policy Auditor 5.0 1
- Product Guide 1
- Contents 3
- Policy Auditor 9
- Benchmark Editor 9
- Using this guide 10
- Configuring Policy Auditor 12
- Server setting categories 13
- How permission sets work 14
- Built-in permission sets 15
- Policy Auditor Agent Plug-in 16
- Editing server settings 16
- Duplicating a permission set 17
- Editing a permission set 17
- Deleting a permission set 18
- Complying with SCAP 19
- Supported platforms 23
- Managing content 23
- Wake Up Agents 27
- Creating and Managing Audits 30
- Audits and how they work 31
- Audit exports 36
- Exporting audits to XCCDF 37
- Exporting audits to OVAL 37
- Creating a new audit 37
- Selecting benchmarks 38
- Defining frequency 39
- Saving your audit 39
- Editing existing audits 40
- Saving your existing audits 41
- Deleting Audits 42
- Scoring Audits 43
- Changing the scoring model 44
- Creating and Managing Waivers 45
- How waivers work 46
- Waivers catalog 46
- Types of waivers 47
- Waiver status 48
- Filtering waivers 49
- Filtering waivers by status 50
- Requesting waivers 51
- Granting waivers 52
- Expiring waivers 53
- Deleting waivers 53
- Managing Issues and Tickets 54
- Tickets and how they work 55
- How comments are handled 56
- How tickets are reopened 56
- Required fields for mapping 57
- Sample mappings 58
- Working with issues 60
- Assigning issues 62
- Viewing the details of issues 62
- Adding comments to issues 62
- Editing issues 63
- Deleting issues 63
- Purging closed issues 63
- Copying the Remedy files 65
- Mapping issues to tickets 69
- Working with tickets 71
- Synchronizing ticketed issues 72
- Querying the Database 73
- Public and personal queries 74
- Query permissions 74
- Query Builder 75
- Multi-server roll-up querying 76
- Registering ePO servers 77
- Working with queries 78
- Running an existing query 79
- Running a query on a schedule 79
- Duplicating queries 81
- Importing queries 82
- PA: Benchmark Checks 83
- PA: Benchmark Rules 83
- PA: Checks Across Benchmarks 83
- PA: Check Catalog List 83
- PA: Check Catalog Usage List 84
- PA: Systems by Audit 84
- Dashboards and how they work 86
- Working with Dashboards 88
- Making a dashboard public 89
- (continued) 93
Powiązane produkty i podręczniki dla Oprogramowanie McAfee EPOLICY ORCHESTRATOR 4.0.2 -
(74 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.082 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji