Compatibility Questionnaire: McAfee (Hercules Policy Auditor) — Archive
Name of Your Organization:
Product/Service Home Page:
The McAfee Hercules Policy Auditor product is available via channel partners and directly from McAfee, Inc.
McAfee Hercules Policy Auditor customers can find OVAL information in the Hercules Vulnerability Remedy data, in the context and on-line help as well as in the product documentation.
Language Version Indication
Within the Help functionality of the Policy Auditor Console and the product documentation, it states McAfee Hercules Policy Auditor provides support for OVAL 4.0 or later schema. The image below shows a section of the Hercules User's Guide indicating the OVAL Schema version supported.
Additionally, the McAfee V-Flash service is an automated delivery mechanism connecting Hercules customers to the V-Flash server. The V-Flash Server houses the library of vulnerability remedies and policies. Hercules customer sites are updated with new remediations and policy data electronically through this service.
Notifications are included in the V-Flash notification messages indicating the date the OVAL content was last updated. The snippet below is a sample of what is depicted at the end of each V-Flash notification message.
This V-Flash uses CVE information from CVE Reference Version 20061101.
The CVE Candidate information was last updated 12/5/2006.
For additional information on the CVE process, see http://cve.mitre.org
This V-Flash uses OVAL content which was last updated 12/5/2006.
For additional information on OVAL, see http://oval.mitre.org
Approach for Correction of Errors
If you are a product vendor and you are trying to initially integrate with Hercules from an OVAL perspective, contact the Technical Contact listed above for assistance.
If you are a customer and you feel errors have been discovered in our importer or our data, contact customer support via
McAfee Corporate Technical Support:
If the problem is an OVAL content issue, the correction will be made within the next business day and made available to customers via the McAfee V-Flash service. If the problem is with the importer software itself we will work with the submitter to understand why they think they have discovered a problem with the software. If an error is encountered we will work to provide an expedient resolution to the issue.
The Hercules User Guide and Hercules Vulnerability Assessment and Remediation Overview both reference the OVAL capabilities of the product. These documents are provided as a part of the response to this questionnaire. They are included with the product for customer usage. It is also included in the context sensitive Help as is shown below.
Currently, Hercules has been tested with the Core, Red Hat Linux, Sun Solaris and Microsoft Windows Definition Schemas. Supporting additional platforms is a data issue at this point. The current importer should be able to support the other specified platform schemas. We will be able to support additional Definition Schemas as they are published and data to test with becomes available.
Finding Elements Using OVAL
The Hercules User Guide and Hercules Vulnerability Assessment and Remediation Overview both reference the OVAL capabilities of the product. These documents are provided as a part of the response to this questionnaire. They are included with the Hercules product for customer use.
Customers can also use the Third Party ID Search capabilities of the product to locate a remediation associated with a specific or set of OVAL IDs.
If a specific OVAL ID is entered, the remediation associated with the OVAL ID is selected. The user can then browse the remedy or use it in some other way.
Users can also use other search capabilities to locate sets of remedies corresponding to the search criteria entered. In the example below, simple wildcarding was used.
OVAL Content Importation Process Explanation
Keeping OVAL content current is a daily on-going process. The McAfee Avert Labs has dedicated staff members focused on assuring the accuracy and integrity of the data used within the Hercules product line. We have implemented an automated process that pulls down the OVAL content files each day for all platforms available from the MITRE site. The new information is merged into our database each time the process runs. Since we are Certified CVE Compatible, we auto-associate new OVAL checks to the appropriate remediation using the CVE ID as the key. New and updated OVAL content not auto-associated are manually reviewed to assure coverage and accuracy from a Hercules product perspective.
As new officially recognized OVAL repositories are established, McAfee will add automated support for those sites in the same manner as is done for the MITRE OVAL Repository today.
When new OVAL Schemas are released, McAfee will be matching the OVAL release schedule for minor releases so new schemas are supported immediately. For major releases we will have newly supported OVAL importers available in the next release. This is due to testing and integrating with existing product release schedules. We are and plan to continue to be an active part of the OVAL Schema development so we can minimize the time and plan releases to better fit OVAL major release schedules.
Statement of Compatibility
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."
|Title:||VP/CTE, McAfee, Inc.|
Statement of Accuracy
Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."
|Title:||VP/CTE, McAfee, Inc.|
Statement on Follow-on Correctness Testing Support
Have an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required):
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
|Title:||VP/CTE, McAfee, Inc.|
Page Last Updated: December 17, 2009