Compliance Checks
(Available only with a Nessus ProfessionalFeed subscription)
The Tenable Nessus® vulnerability scanner can be used to perform agentless configuration audits of UNIX, Windows, and Mac OS X systems, applications, and databases. If your organization has a configuration policy for server settings, or if you wish to audit your systems against public and government best practices from the NSA, CERT, and CIS, Nessus can perform these audits for you.
SecurityCenter and ProfessionalFeed Support
The Nessus compliance checks are available to Tenable customers who subscribe to the Nessus ProfessionalFeed or who have implemented Tenable SecurityCenter. ProfessionalFeed subscribers can run the configuration audits as part of their regular vulnerability scans and patch audits with Nessus. SecurityCenter customers can use specific compliance audits against specific assets. This allows for auditing and reporting of unique assets, such as HR database servers, email servers, firewalls, Active Directory servers, and so on.
PCI Auditing
Nessus ProfessionalFeed subscribers can perform PCI DSS vulnerability audits, web application assessments, and configuration audits of the operating systems, applications, and SQL databases against minimum PCI-recommended standards.
PCI Scanning of LAMP Server
Tenable also offers a variety of complete enterprise PCI solutions that build on our additional log analysis, user monitoring, and network behavioral profiling solutions, including the ability to perform a PCI scan on a LAMP server.
Configuration Auditing
Nessus can perform configuration scans of UNIX, Windows, and Mac OS X servers, applications, and databases to test for specific policy settings. Supported configuration audit policies include, but are not limited to:
- Anti-virus vendor audits
- CERT recommendations
- CIS best practice guides
- DISA STIGs
- GLBA guidelines
- HIPAA profiles
- NIST SCAP and FDCC content
- NSA best practice guides
- PCI configuration requirements
- Recommended vendor settings
- Cisco router configurations
The types of configuration audits performed by Nessus include Windows user policies, file permissions, registry permissions, service permissions, and specific security policies, such as Kerberos and event auditing policies. Windows tests can also include custom WMI queries and scanning for computers that have been infected with viruses and malware. For UNIX systems, user policies, file permissions, running processes, and file content checks can be audited. SQL audits can detect a wide variety of issues, such as whether various stored procedures have been disabled. These types of audits can be combined to perform tests against thousands of files, registry settings, users, and so on. Audits of Cisco routers ensure that authentication, services, SNMP, and other settings are hardened to best practice standards.
Tenable Charitable & Training Organization Program
Tenable Network Security offers Nessus ProfessionalFeed subscriptions at no cost to charitable organizations & classrooms.


