Name of Your Organization:

McAfee, Inc.

Web Site:

http://www.mcafee.com/

Adopting Capability:

McAfee Policy Auditor

Capability home page:

http://www.mcafee.com/us/products/policy-auditor.aspx

General Capability Questions

Adoption Capabilities

If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.

OVAL Authoring Tool — Yes
OVAL Definition Evaluator — Yes
OVAL Systems Characteristics Producer — Yes

Product Accessibility <AR_1.9>

Provide a short description of how and where your capability is made available to your customers and the public.

The product is available via a commercial license. Further information on purchasing McAfee Policy Auditor is available online from http://www.mcafee.com/us/purchase.aspx.

Language Version Indication <AR_1.10>

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.

The product currently supports OVAL Versions 5.3, 5.4, 5.5, 5.6. Our upcoming version adds support up to 5.9.

Capability Correctness Questions

Error Reporting <AR_2.1>

Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.

Customers who feel they have discovered an error can utilize the Technical Support ServicePortal online at https://mysupport.mcafee.com/Eservice/Default.aspx to determine if the error encountered is a known error. A KnowledgeBase article may exist that describes the situation and the anticipated timeline to correction. If it appears this is a new error, customers can open a help desk ticket with McAfee Support.

Responding to Error Reports <AR_2.2>

Describe the approach to responding to the above error reports and how applicable fixes will be applied.

All reported potential errors are investigated by the technical support department. If a defect is confirmed, it is escalated to the appropriate SCAP content development team to be investigated and corrected. Once corrected, the updated content will be made available either via the normal content posting cycle or via an out-of-band release as appropriate.

Documentation Questions

Adoption Documentation <AR_3.1>

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.

From the "McAfee Policy Auditor 5.3.0 Software Product Guide for ePolicy Orchestrator 4.5":

  1. Page 11 under "What’s new": Statement of support for OVAL 5.6.
  2. Page 18 under "Full OVAL results": Description of setting to retain "full" or "thin" OVAL results.
  3. Pages 39-40 under "Audits and how they work": Statement that rules are generally written in the OVAL language. Includes diagram of rule.
  4. Page 49 under "Exporting audit and audit results": Describes concept of exporting audits and audit results to OVAL and software task of exporting audits to OVAL.
  5. Page 79 under "PA: Check Catalog List": Describes built-in query for displaying OVAL checks in the software’s check catalog.
  6. Page 79 under "PA: Check Catalog Usage List": Describes built-in query for displaying a list of OVAL checks in the software, including the rule and XCCDF benchmark associations.
  7. Pages 82-85: Appendix describing how the software implements the Security Content Automation Protocol.
  8. Page 85: Statement of OVAL implementation with details about how the software implements OVAL.

Language Support <AR_3.2>

List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)

We support all tests in the following schemas, with the exception of the sql_test.

  • aix-definitions-schema.xsd
  • hpux-definitions-schema.xsd
  • independent-definitions-schema.xsd
  • linux-definitions-schema.xsd
  • macos-definitions-schema.xsd
  • solaris-definitions-schema.xsd
  • unix-definitions-schema.xsd
  • windows-definitions-schema.xsd

Because we are enterprise software, we do not and will not support the sql_test in its current form for security reasons.

OVAL Content Error Reporting <AR_3.3>

Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.

From the "McAfee Policy Auditor 5.3.0 Software Product Guide for ePolicy Orchestrator 4.5":

  1. Page 79 under "PA: Errors by Rule": Describes built-in query for displaying a list of rules (containing OVAL checks) that failed during processing.
  2. Page 80 under "PA: Errors by Rule": Describes built-in query for displaying rules (containing OVAL checks) from audits that fail with a result of "error."
  3. Page 81 under "PCI Req 5: Use AV or App Whitelisting": Describes built-in query for displaying rules containing OVAL checks from audits that fail with a result of "error."
  4. Page 85: Statement of OVAL implementation with details about how the software can display OVAL in XML format for users to find the cause of errors.

Customers who discover an error in the OVAL output content can open a McAfee Support Helpdesk ticket.

Content Validity Questions

Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>

Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.

The server product will report schema errors to the user when the user attempts to import an oval_definitions file which is not schema valid. The endpoint device engine will do the same.

Type-Specific Capability Questions

Authoring Tool Capability Questions

Search by ID <AR_7.1>

Indicate how the user can search for Definitions, Tests, Objects, States, and Variables by ID.

When searching for OVAL content in the server's check catalog, the user can specify values and a relational operator (match, equal, not equal, gt, lt, starts with, ends with) to compare against most of the fields in the definition element (e.g., element id, check title, description, associated OS supported by the check). Support for searching through non-definition elements is not provided.

Encourage Content Reuse <AR_7.2>

If the product attempts to encourage content reuse, indicate how the product encourages reuse of existing OVAL content.

Only implicitly by providing a check catalog with a search capability.

User Invoked Validation <AR_7.3>

If the product supports user invoked content validation, indicate how the user can validate content against the OVAL Language W3C XML Schema and Schematron rules.

The only validation of independently created content is via xsl schema validation during the content checking process.

Content Import <AR_7.4>

Indicate how users can import OVAL content into the product.

Users are provided a dialog to specify a file (flat or zipped) which is expected to contain valid OVAL. In the case of the zip file an error is returned for any contained file that is not schema valid. In the case of a flat file, the user will be informed of specific schema validation errors, and warnings about elements which are duplicates of existing elements, but do not have a higher version number.

Content Export <AR_7.5>

Indicate how the product allows users to export OVAL content from the product.

User dialogs are provided when the user is viewing the check catalog. The user can search for and select a set of OVAL definitions and then request that they be exported as an oval_definitions file.

Duplicate Content Detection and Reporting <AR_7.6>

If the product detects and reports duplicate content, indicate how the product does this and how the product reports duplicates to the user.

During imports, the user will be informed with warnings about elements which are duplicates of existing elements, but do not have a higher version number.

Capability Value <AR_7.7>

Indicate how the product differs from a standard XML editor and provides additional capability tailored to authoring OVAL content.

The check generator does not allow manipulation of the XML. The user is asked to enter various properties associated with a check template (sometimes referred to as a primitive), and a check is generated to match the template and the provided parameters.

Definition Evaluator Capability Questions

Content Transparency <AR_8.1> <AR_8.2>

Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.

The OVAL results file contains all of the components of all checks in the input OVAL definitions file. All definitions therein are evaluated and will appear in the OVAL results file with the appropriate status.

Content Import Process Explanation <AR_8.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

||Insert answer here.||

Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>

Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.

A standard OVAL results file is created, including both the input definitions (and their component parts) and the system characteristics element, which contains the data retrieved for each of the objects in the OVAL definitions file.

Full OVAL Results <AR_8.8>

Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.

By default, the OVAL results file contains full OVAL results.

Systems Characteristics Producer Capability Questions

Collecting System Data <AR_5.2> <AR_5.3>

Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.

The evaluation engine first finds all objects in the objects element and collects the data from them into the system characteristics element of the results document.

Content Export <AR_5.2> <AR_5.3>

Indicate how the product allows users to export OVAL System Characteristics documents.

There is a command line option that allows the user to specify the creation of a separate systems characteristics file.

Adoption Signature

Questions for Signature

Statement of Adoption <AR_1.2>

"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."

NAME: Kent Landfield
TITLE: Director, Content Strategy, Architecture and Standards

Statement of Accuracy <AR_1.2>

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."

NAME: Kent Landfield
TITLE: Director, Content Strategy, Architecture and Standards

Statement on Follow-On Correctness Testing Support <AR_1.7>

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

NAME: Kent Landfield
TITLE: Director, Content Strategy, Architecture and Standards

Page Last Updated: May 04, 2011