Name of Your Organization:

McAfee, Inc.

Web Site:

http://www.mcafee.com/

Adopting Capability:

McAfee Vulnerability Manager

Capability home page:

http://www.mcafee.com/us/products/vulnerability-manager.aspx

Adoption Capabilities

If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.

OVAL Definition Evaluator — Yes

Product Accessibility <AR_1.9>

Provide a short description of how and where your capability is made available to your customers and the public.

The product is available via a commercial license. Further information on purchasing McAfee Vulnerability Manager is available online from http://www.mcafee.com/us/purchase.aspx.

Language Version Indication <AR_1.10>

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.

The current product statement of compliance may be found on the NIST site at https://nvd.nist.gov/validation_vulnerabilitymanager_docs.html. OVAL 5.5 is supported for MVM 6.8-7.0. Updates to supported OVAL versions are indicated in product and patch release notes.

Error Reporting <AR_2.1>

Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.

Customers who feel they have discovered an error can utilize the Technical Support ServicePortal online at https://mysupport.mcafee.com/Eservice/Default.aspx to determine if the error encountered is a known error. A KnowledgeBase article may exist that describes the situation and the anticipated timeline to correction. If it appears this is a new error, customers can open a help desk ticket with McAfee Support.

Responding to Error Reports <AR_2.2>

Describe the approach to responding to the above error reports and how applicable fixes will be applied.

All reported potential errors are investigated by the technical support department. If a defect is confirmed, it is escalated to the appropriate SCAP content development team to be investigated and corrected. Once corrected, the updated content will be made available either via the normal content posting cycle or via an out-of-band release as appropriate.

Adoption Documentation <AR_3.1>

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.

From the Vulnerability Manager web-portal, choose "Help", then "Organization or Workgroup Administrator Help", expand the "Vulnerability Manager x.y Reference Guide" topic, and refer to the "How XCCDF/OVAL benchmark scans work" topic.

Language Support <AR_3.2>

List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)

• aix [1]
  • fileset
  • fix
  • oslevel
• apache
  • none
• catos
  • none
• esx
  • none
• freebsd
  • none
• hpux [2]
  • getconf
  • patch
  • patch53
  • swlist
  • trusted
• independent [1,2,3,4,5]
  • family
  • environmentvariable
  • textfilecontent
  • textfilecontent54
  • filemd5
  • filehash
  • variable
  • xmlfilecontent
  • xpath
• ios
  • global
  • interface
  • line
  • snmp
  • tclsh
  • version
• linux
  • inetlisteningservers [1,2,3,4]
  • rpminfo [3]
• macos
  • none
• solaris [4]
  • isainfo
  • package
  • patch
  • patch54
  • smf
• unix [1,2,3,4]
  • file
  • inetd
  • interface
  • password
  • process
  • runlevel
  • shadow
  • uname
  • xinetd
• windows [5]
  • accesstoken
  • activedirectory
  • auditeventpolicy
  • file
  • fileeffectiverights
  • fileeffectiverights53
  • fileauditedpermissions
  • fileauditedpermissions53
  • group
  • groupsid
  • interface
  • lockoutpolicy
  • metabase
  • passwordpolicy
  • printereffectiverights
  • process
  • registry
  • regkeyeffectiverights53
  • regkeyeffectiverights
  • regkeyauditedpermissions
  • regkeyauditedpermissions53
  • sharedresource
  • sid
  • sidsid
  • uac
  • user
  • usersid
  • volume
  • wmi
  • wuaupdatesearcher

[1] These tests are supported for: AIX

[2] These tests are supported for: HPUX

[3] These tests are supported for: Red Hat Enterprise Linux; other Linux distributions may return correct results, but are not officially supported

[4] These tests are supported for: Sun Solaris

[5] These tests are supported for: Windows desktop and server

Additional OS and Test support may be provided from time to time; please refer to product release notes for details.

All core constructs are supported for the highest OVAL schema version supported by the product.

OVAL Content Error Reporting <AR_3.3>

Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.

Customers who discover an error in the OVAL output content can open a McAfee Support Helpdesk ticket.

Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>

Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.

OVAL content may be imported for product use by a Global Administrator, with optional syntax validation and immediate user-interface feedback regarding errors.

Content Transparency <AR_8.1> <AR_8.2>

Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.

Users may generate and examine an HTML report to view formatted OVAL results including System Characteristics, Definition, Criteria, and Criterion evaluation status and results, individual Test results, Items tested, Objects collected, Items generated, and more.

Content Import Process Explanation <AR_8.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

OVAL content may be imported for product use by a Global Administrator, with optional syntax validation. Imported content is available for immediate use.

Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>

Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.

Users may generate and examine an HTML report to view formatted OVAL results including System Characteristics, Definition, Criteria, and Criterion evaluation status and results, individual Test results, Items tested, Objects collected, Items generated, and more.

Full OVAL Results <AR_8.8>

Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.

Users may download an HTML report-bundle which includes a separate schema-valid XML OVAL Results File for each target system.

Adoption Signature

Statement of Adoption <AR_1.2>

"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."

NAME: Kent Landfield
TITLE: Director, Content Strategy, Architecture and Standards

Statement of Accuracy <AR_1.2>

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."

NAME: Kent Landfield
TITLE: Director, Content Strategy, Architecture and Standards

Statement on Follow-On Correctness Testing Support <AR_1.7>

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

NAME: Kent Landfield
TITLE: Director, Content Strategy, Architecture and Standards