Product guide
Appendix A: Implementing the Security Content
Automation Protocol
McAfee Policy Auditor version 6.0 uses the Security Content Automation Protocol (SCAP)
version 1.1. Security content conforming to the SCAP standard can be used by any product
supporting the standard and the results can be shared between these products.
SCAP is a collection of six open standards developed jointly by various United States government
organizations and the private sector.McAfee Policy Auditor uses the Security Content Automation
Protocol (SCAP) to perform automated audits, including policy compliance evaluations such as
the Federal Information Security Management Act (FISMA).
Contents
Statement of FDCC compliance
Statement of SCAP implementation
Statement of CVE implementation
Statement of CCE implementation
Statement of CPE implementation
Statement of CVSS implementation
Statement of XCCDF implementation
Statement of OVAL implementation
Statement of FDCC compliance
McAfee asserts that McAfee Policy Auditor version 6.0 does not alter or conflict with the Federal
Desktop Core Configuration (FDCC) settings on Microsoft Windows XP and Vista systems.
These ports are used by McAfee Policy Auditor version 6.0.
Can be editedPortSetting
No80Agent-to-server communication
Yes8081Agent wake-up communication
Yes8082Agent broadcast communication
Only during installation8443Console-to-application server
communication
Only during installation8444Sensor-to-server communication
Only during installation8801Security threats communication
Only during installation1443SQL server TCP
87McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6