TOC & Recently Viewed

Recently Viewed Topics

Compliance

Tenable.io can perform vulnerability scans of network services and log into servers to discover any missing patches.

However, a lack of vulnerabilities does not mean the servers are configured correctly or are “compliant” with a particular standard.

The advantage of using Tenable.io to perform vulnerability scans and compliance audits is that all of this data can be obtained at one time. Knowing how a server is configured, how it is patched, and what vulnerabilities are present can help determine measures to mitigate risk.

At a higher level, if this information is aggregated for an entire network or asset class, security and risk can be analyzed globally. This allows auditors and network managers to spot trends in non-compliant systems and adjust controls to fix these on a larger scale.

When configuring a scan or policy, you can include one or more compliance checks.

Audit Capability Required Credentials Description
Adtran AOS SSH An option to select a predefined or custom audit policy file to be specified to test Adtran AOS based devices against compliance standards.
Amazon AWS Amazon AWS An option to select a predefined or custom audit policy file to be specified to test a Amazon AWS account against compliance standards.
Blue Coat ProxySG SSH An option to select a predefined or custom audit policy file to be specified to test Bluecoat ProxySG based devices against compliance standards.
Brocade FabricOS  SSH An option to select a predefined or custom audit policy file to be specified to test Brocade FabricOS based devices against compliance standards.
Check Point GAiA SSH An option to select a predefined or custom audit policy file to be specified to test CheckPoint GAiA based devices against compliance standards.
Cisco IOS SSH An option to select a predefined or custom audit policy file to be specified to test Cisco IOS based devices against compliance standards.
Citrix XenServer SSH An option to select a predefined or custom audit policy file to be specified to test Citrix XenServer host against compliance standards.
Database Database credentials An option to select a predefined or custom audit policy file to be specified to test Database servers against compliance standards.
Dell Force10 FTOS SSH An option to select a predefined or custom audit policy file to be specified to test Dell Force10 FTOS based devices against compliance standards.
Extreme ExtremeXOS SSH An option to select a predefined or custom audit policy file to be specified to test Extreme ExtremeXOS based devices against compliance standards.
FireEye SSH An option to select a predefined or custom audit policy file to be specified to test FireEye based devices against compliance standards.
Fortigate FortiOS SSH An option to select a predefined or custom audit policy file to be specified to test Fortigate FortiOS based devices against compliance standards.
HP ProCurve SSH An option to select a predefined or custom audit policy file to be specified to test HP ProCurve based devices against compliance standards.
Huawei SSH An option to select a predefined or custom audit policy file to be specified to test Huawei devices against compliance standards.
IBM iSeries IBM iSeries An option to select a predefined or custom audit policy file to be specified to test IBM iSeries servers against compliance standards.
Juniper Junos SSH An option to select a predefined or custom audit policy file to be specified to test Juniper Junos based devices against compliance standards.
Microsoft Azure Microsoft Azure An option to select a predefined or custom audit policy file to be specified to test Microsoft Azure accounts against compliance standards.
Mobile Device Manager AirWatch/Apple Profile Manager/Mobileiron  An option to select a predefined or custom audit policy file to be specified to test Mobile Device Management systems against compliance standards.
MongoDB MongoDB An option to select a predefined or custom audit policy file to be specified to test MongoDB servers against compliance standards.
NetApp Data ONTAP SSH An option to select a predefined or custom audit policy file to be specified to test NetApp DataONTAP devices against compliance standards.
Palo Alto Networks PAN-OS PAN-OS An option to select a predefined or custom audit policy file to be specified to test Palto Alto Networks PAN-OS based devices against compliance standards.
Rackspace Rackspace An option to select a predefined or custom audit policy file to be specified to test Rackspace accounts against compliance standards.
RHEV RHEV An option to select a predefined or custom audit policy file to be specified to test Red Hat Enterprise Virtualization servers against compliance standards.
Salesforce.com Salesforce SOAP API An option to select a predefined or custom audit policy file to be specified to test Salesforce accounts against compliance standards.
SonicWALL SonicOS SSH An option to select a predefined or custom audit policy file to be specified to test SonicWALL SonicOS based devices against compliance standards.
Unix SSH An option to select a predefined or custom audit policy file to be specified to test Unix servers against compliance standards.
Unix File Contents SSH An option to select a predefined or custom audit policy file to be specified to test Unix servers for sensitive content such as SSN, credit cards etc.
VMware vCenter/vSphere VMware ESX SOAP API or VMware vCenter SOAP API An option to select a predefined or custom audit policy file to be specified to test VMware vCenter/vSphere servers against compliance standards.
WatchGuard SSH An option to select a predefined or custom audit policy file to be specified to test WatchGuard devices against compliance standards.
Windows Windows An option to select a predefined or custom audit policy file to be specified to test Windows servers against compliance standards.
Windows File Contents Windows An option to select a predefined or custom audit policy file to be specified to test Windows servers for sensitive content such as SSN, credit cards etc.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.