Encryption Strength

Tenable Nessus Network Monitor uses the following default encryption for storage and communications.

Note: If your organization requires that your instance of Tenable Nessus Network Monitor meets National Information Assurance Partnership (NIAP) standards, certain settings may be configured differently than the following information. For more information, see Configure Tenable Nessus Network Monitor for NIAP Compliance

Function	Encryption
Storing user account passwords	SHA-512 and the PBKDF2 function with a 512 bit key
Database encryption	OFB-AES-128 XTS-AES-256 when configured for NIAP compliance.
Passphrase for SSL browser certificates	Tenable Nessus Network Monitor does not store passphrases for any certificates. For information on how OpenSSL encrypts and stores passphrases for SSL certificates, see the OpenSSL documentation.
Communications between Tenable Nessus Network Monitor and clients (Tenable Nessus Network Monitor user interface users).	TLS 1.2 with the strongest encryption method supported by Tenable Nessus Network Monitor and your browser. For information on cipher suites used, see Enable Strong Encryption. Cipher suites are overriden when configured for NIAP compliance.
Communications between Tenable Nessus Network Monitor and the Tenable product registration server	TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384.
Communications between Tenable Nessus Network Monitor and the Tenable plugin update server	TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384.

Copyright © 2025 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.