Managing Audit Waivers
Waivers allow you to temporarily affect how systems are audited and have the potential to affect
audit scores. They are useful when you have a system that you know may be out of compliance
but you do not want to bring the system into compliance for a temporary period.
For example, you may have systems in the Accounting Department that you do not want to
patch near the end of an accounting cycle. You can create a waiver that will temporarily ignore
any missing patches on systems until after the end of the accounting cycle. You can also create
another type of waiver that suppresses the systems from being audited.
Contents
Types of waivers
Waiver status
How start and expiration dates work
Examples of filtering waivers by date
Filtering waivers by group
How waiver requests and grants work
Making waivers expire
Deleting waivers
Types of waivers
McAfee Policy Auditor provides three types of audit waivers that apply to selected systems.
Each type of waiver affects scoring results differently:
•
Exception waiver — Forces the audit results of a selected benchmark rule to have a result
of pass. This potentially affects the score of system audits.
•
Exemption waiver — Prevents selected systems from being audited. Systems not audited
do not appear in audit results.
•
Suppression — Allows a selected benchmark rule to be included in an audit, but excludes
the results. This affects the score of system audits.
All waivers have these common characteristics:
•
A system, multiple systems, or groups of systems selected from the System Tree.
•
A start date and an expiration (end) date.
In addition, exception and suppression waivers must include a selected rule from a selected
benchmark. The waiver applies to any audit that contains the benchmark. Since exemption
waivers are independent of benchmarks or rules, the interface does not give you the opportunity
to select them.
McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6
52
