By mapping IT controls against predefined policy content, McAfee Policy Auditor helps you report consistently and accurately against key industry mandates and internal policies across your infrastructure or on specific targeted systems. Policy Auditor is an agent-based IT audit solution that leverages the Security Content Automation Protocol (SCAP) to automate the processes required for internal and external IT audits.
Streamlined deployment and management — The McAfee ePolicy Orchestrator (ePO) platform provides easy Policy Auditor deployment, and simplified reporting and compliance management.
Flexible policy formation — Within minutes, Policy Auditor allows for the creation of new policies designed by you, set by corporate governance, or from authoritative sites such as Federal Desktop Core Configuration (FDCC). Real-time audits and controls for setting the frequency of data capture deliver timely information for compliance.
Predefined templates and controls — Policy Auditor comes with predefined benchmark templates and the ability to ensure protection of the business by employing blackout windows that halt data capture during key business periods.
Features & Benefits
Streamline proof of compliance
Use prebuilt policy templates that eliminate manual effort and demonstrate adherence to key industry mandates and internal governance policies, including PCI DSS, SOX, GLBA, HIPAA, FISMA, and the best-practice frameworks ISO 27001 and COBIT. Policy Auditor includes a purpose-built PCI dashboard that delivers a consolidated view of the state of compliance by PCI requirement/control.
Receive unprecedented integration with McAfee ePO and Vulnerability Manager
Use McAfee ePolicy Orchestrator (ePO) software to lower cost of ownership by consolidating endpoint security management and compliance management, easing agent deployment, administration, and reporting. Integration with McAfee Vulnerability Manager enables organizations to consolidate agent and agentless audits.
Get the latest standards in compliance validation
Keep updated on compliance standards. Security Content Automation Protocol (SCAP) validation by the National Institute of Standards and Technology (NIST) enables agencies to comply with the Federal Desktop Core Configuration (FDCC) standard.
Customize and extend Policy Auditor IT controls checking
Create rules from any scripting language supported by the system being audited to extend the check capabilities of Policy Auditor. Sample languages include VBScript, batch files, Perl, and Python.
Prevent disruption to critical business applications with blackout window
Set the frequency of data capture to support automated reports with accurate data. To prevent disruption to critical business applications, a blackout window lets IT operations block audit data capture during key business periods.
Get Fast, automated import of industry benchmarks
Download benchmarks from authoritative sites. Within minutes, view detailed security guidance to confirm regulatory compliance or design your own internal governance policies based on security community best practices.