Scoring audits When McAfee Policy Auditor performs an audit on a system, it generates information about system compliance that includes a compliance score. The software supports the four scoring models described in the National Institute of Standards and Technology (NIST) document Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 (http://csrc.nist.gov/publications/nistir/ir7275-rev4/NISTIR-7275r4.pdf): Default scoring model Flat unweighted scoring model Flat scoring model Absolute scoring model The software is preconfigured to use a normalized implementation of the flat unweighted scoring model. You can change the scoring model and the software recalculates scores to reflect the change. Default scoring modelThe default scoring model computes the score independently for each collection of subgroups and rules in each group, and again for each rule and group in the audit's benchmarks. Flat unweighted scoring modelThe flat unweighted scoring model computes the score (the number of rules that passed) and compares it against the maximum score. McAfee Policy Auditor is preconfigured to use a normalized implementation of the flat unweighted scoring model. Flat scoring modelThe flat scoring model compares the system score with the maximum possible system score. Absolute scoring modelThe absolute scoring model yields a score of 100 when a system passes all applicable rules, and a score of 0 if all applicable rules don't pass. Change the scoring modelYou can change the scoring model that McAfee Policy Auditor uses when reporting audit results. When you change the scoring model, the software recalculates the scores to reflect the selected model.