Special Use Templates

Compliance

You can configure Nessus compliance auditing using one or more of the following Scanner and Agent templates:

  • Audit Cloud Infrastructure
  • MDM Config Audit
  • Offline Config Audit
  • SCAP and OVAL Auditing
  • Policy Compliance Auditing

Mobile Device

With Nessus Manager, the Nessus Mobile Devices plugin family allows you to obtain information from devices registered in a Mobile Device Manager (MDM) and from Active Directory servers that contain information from Microsoft Exchange Servers.

  • To query for information, the Nessus scanner must be able to reach the Mobile Device Management servers. Ensure no screening devices block traffic to these systems from the Nessus scanner. In addition, you must give Nessus administrative credentials (for example, domain administrator) to the Active Directory servers.
  • To scan for mobile devices, you must configure Nessus with authentication information for the management server and the mobile plugins. Since Nessus authenticates directly to the management servers, you do not need to configure a scan policy to scan specific hosts.
  • For ActiveSync scans that access data from Microsoft Exchange servers, Nessus retrieves information from phones that have been updated in the last 365 days.

Payment Card Industry (PCI)

Tenable offers two Payment Card Industry Data Security Standard (PCI DSS) templates: one for testing internal systems (11.2.1) and one for Internet-facing systems (11.2.2). You can also use these scan templates to complete scans after significant changes to your network, as required by PCI DSS 11.2.3.

| Template | Product | Description |
|---|---|---|
| PCI Quarterly External Scan | Tenable.io Only | The PCI Quarterly External Scan template is only available in Tenable.io. Using this template, Tenable.io tests for all PCI DSS external scanning requirements, including web applications. You can submit the scan results obtained using the PCI Quarterly External Scan template to Tenable, Inc. (an Approved Scanning Vendor) for PCI validation. Refer to the Scan Results section for details on creating, reviewing, and submitting PCI scan results. |
| PCI Quarterly External Scan (Unofficial) | Nessus Manager, Nessus Professional | For Nessus Manager and Nessus Professional versions, Tenable provides the PCI Quarterly External Scan (Unofficial) template. You can use this template to simulate an external scan (PCI DSS 11.2.2) to meet PCI DSS quarterly scanning requirements. However, you cannot submit the scan results from the Unofficial template to Tenable, Inc. for PCI validation. The PCI Quarterly External Scan (Unofficial) template performs the same scanning functions as the Tenable.io version of this template. |
| PCI Quarterly External Scan (Unofficial) | Nessus Manager, Nessus Professional | You can use the Internal PCI Network Scan template to meet the PCI DSS internal scanning requirement (11.2.1). |

SCAP and OVAL

The National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP) is a set of policies for managing vulnerabilities and policy compliance in government agencies. It relies on multiple open standards and policies, including OVAL, CVE, CVSS, CPE, and FDCC policies.

  • SCAP compliance auditing requires sending an executable to the remote host.
  • Systems running security software (for example, McAfee Host Intrusion Prevention) may block or quarantine the executable required for auditing. For those systems, you must make an exception for either the host or the executable sent.
  • When using the SCAP and OVAL Auditing template, you can perform Linux and Windows SCAP checks to test compliance standards as specified in NIST’s Special Publication 800-126.