Beruflich Dokumente
Kultur Dokumente
Policy Auditor
Lal Narayanasamy
Group Product Manager, McAfee Risk and
Compliance
Steve Aughinbaugh
Head, Policy Auditor Development
November 4, 2011
Agenda
McAfee Policy Auditor Overview
McAfee Policy Auditor and Standards
McAfee and SCAP
Evolution of McAfee Policy Auditor
Centrality of SCAP to product vision
November 4, 2011
Standards based
SCAP
XCCDF, OVAL, CVSS, CVE
Published Industry
templates
Configurable Baseline
audits
Manage exceptions,
waivers
November 4, 2011
Select/Tailor/Create
Policy Benchmark
Assign Assets to
Audit
Single Management
and Reporting
Structure
View Audit Results
Execute Audits
Your CUSTOM
FISMA
FDCC*
ISO 27001
COBIT
PCI DSS
GLBA
SOX
HIPAA
NERC
Agenda
McAfee Policy Auditor Overview
McAfee Policy Auditor and Standards
McAfee and SCAP
Evolution of McAfee Policy Auditor
Centrality of SCAP to product vision
November 4, 2011
NIST
Vulnerability Detection
McAfee Vulnerability Manager
PA 5.0.1 (2009)
SCAP certification
attained
Agent-agentless
integration
PA 5.0 (2008)
Full ePO integration
Waivers and
exceptions
management
Benchmark and
check editors
PA 5.1(2009)
Full localization
German, French,
Spanish, Japanese,
Chinese
PA 5.3 (2010)
Actionable findings
API
OVAL 5.6 support
PCI dashboard
SCAP content for
Swedish, Brazilian
Portuguese
PA 5.2(2009)
Findings
Periodic FIM
SCAP content for
Italian, Polish
PA 6.x (2012)
SCAP 1.2 support
Agenda
McAfee Policy Auditor Overview
McAfee Policy Auditor and Standards
McAfee and SCAP
Evolution of McAfee Policy Auditor
Centrality of SCAP to product vision
13
November 4, 2011
Initiative
Localized/Internationalized product
and content
Findings
15
November 4, 2011
GEO specific policies that need to have benchmarks created for them
ACSI 33, J-SOX, EU 8th Company Law Directive on Statutory Audit, etc.
Language
Localized
French (FR)
German (DE)
Italian (IT)
Japanese (JP)
Polish (PL)
Spanish (ES)
Swedish (SV)
Creation of content
Testing of content
Publication of content
Findings - Drivers
Provide data to satisfy Auditors
Auditors often require more detailed information about a pass or a fail
A configuration item passes, but what value does it have?
22
November 4, 2011
November 4, 2011
23
Title of presentation
November 4, 2011
November 4, 2011
25
November 4, 2011
Files system
Registry
Trustees/Users
And more
27
28
29
Agenda
McAfee Policy Auditor Overview
McAfee Policy Auditor and Standards
McAfee and SCAP
Evolution of McAfee Policy Auditor
Centrality of SCAP to product vision
30
November 4, 2011
November 4, 2011
32
November 4, 2011
Agenda
McAfee Policy Auditor Overview
McAfee Policy Auditor and Standards
McAfee and SCAP
Evolution of McAfee Policy Auditor
Centrality of SCAP to product vision
33
November 4, 2011
Proactive
Optimized
Value
Secure
Additive cost
Organizational Maturity
34
35
November 4, 2011
Questions?
37
November 4, 2011