Special Use Templates

Note: For more information about performing custom audits with Nessus, see the Custom Auditing video.


Nessus compliance auditing can be configured using one or more of the following Scanner and Agent templates.

  • Audit Cloud Infrastructure
  • MDM Config Audit
  • Offline Config Audit
  • SCAP and OVAL Auditing
  • Policy Compliance Auditing

Mobile Device

With Nessus Manager, the Nessus Mobile Devices plugin family provides the ability to obtain information from devices registered in a Mobile Device Manager (MDM) and from Active Directory servers that contain information from Microsoft Exchange Servers.

  • To query for information, the Nessus scanner must be able to reach the Mobile Device Management servers. You must ensure no screening devices block traffic to these systems from the Nessus scanner. In addition, Nessus must be given administrative credentials (e.g., domain administrator) to the Active Directory servers.
  • To scan for mobile devices, Nessus must be configured with authentication information for the management server and the mobile plugins. Since Nessus authenticates directly to the management servers, a scan policy does not need to be configured to scan specific hosts.
  • For ActiveSync scans that access data from Microsoft Exchange servers, Nessus will retrieve information from phones that have been updated in the last 365 days.

Payment Card Industry (PCI)

Tenable offers two Payment Card Industry Data Security Standard (PCI DSS) templates: one for testing internal systems (11.2.1) and one for Internet facing systems (11.2.2). Also, these scan templates may also be used to complete scans after significant changes to your network, as required by PCI DSS 11.2.3.

Template Product Description

PCI Quarterly External Scan

Tenable.io Only

The PCI Quarterly External Scan template is only available in Tenable.io. Using this template, Tenable.io tests for all PCI DSS external scanning requirements, including web applications.

The scan results obtained using the PCI Quarterly External Scan template may be submitted to Tenable, Inc. (an Approved Scanning Vendor) for PCI validation.

Refer to the Scan Results section for details on creating, reviewing, and submitting PCI scan results.

PCI Quarterly External Scan (Unofficial)

Nessus Manager

Nessus Professional

For Nessus Manager and Nessus Professional versions, Tenable provides the PCI Quarterly External Scan (Unofficial) template.

This template can be used to simulate an external scan (PCI DSS 11.2.2) to meet PCI DSS quarterly scanning requirements. However, the scan results from the Unofficial template cannot be submitted to Tenable, Inc. for PCI Validation.

The PCI Quarterly External Scan (Unofficial) Template performs the identical scanning functions as the Tenable.io version of this template.

PCI Quarterly External Scan (Unofficial)

Nessus Manager

Nessus Professional

The Internal PCI Network Scan template can be used to meet PCI DSS Internal scanning requirement (11.2.1).


The National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP) is a set of policies for managing vulnerabilities and policy compliance in government agencies. It relies on multiple open standards and policies, including OVAL, CVE, CVSS, CPE, and FDCC policies.

  • SCAP compliance auditing requires sending an executable to the remote host.
  • Systems running security software (e.g., McAfee Host Intrusion Prevention), may block or quarantine the executable required for auditing. For those systems, an exception must be made for the either the host or the executable sent.
  • When using the SCAP and OVAL Auditing template, you can perform Linux and Windows SCAP CHECKS to test compliance standards as specified in NIST’s Special Publication 800-126.