Tenable Cloud Platform Licensing Policy

The Tenable Cloud Platform Licensing Policy provides customers an understanding of Tenable product definitions and their licensing policies. This policy may be updated periodically at Tenable’s sole discretion.

Platform Licensing Breakdown

The Tenable Cloud Platform consists of multiple products. You can purchase products through Tenable One, or some products may be purchased individually.

For information about how Tenable One Platform applications are licensed, see the Tenable Licensing Quick Reference Guide.

Definitions

The following terms are used throughout this document and in your Tenable license agreement.

Term	Definition
Asset	An asset is defined as: A physical or virtual device with an operating system connected to a network. An active (non-terminated) cloud resource (including but not limited to containers, virtual devices, applications, native services, IaC etc.) that is monitored for policy violations and security risk. A web application with an FQDN. A user, under the constructs of Identity Security Products. Example assets include, but are not limited to: laptops, desktops, servers, routers, firewalls, switches, IoT devices, mobile phones, virtual machines, software containers, IaC, operational technology devices, cloud resources, and user accounts
Assessed Asset	Any asset that has been scanned for a vulnerability, configuration, or state.
Discovered Asset	Any asset that has been identified by discovery plugins, but not scanned for vulnerability, configuration or state.
Licensed Asset	Any asset that has been assessed within the product's specified metered billing term. Only billable cloud run time resources are considered as licensed assets and counted as such. Licenses are calculated by the number of scanner type(s) applied per resource.
Unlicensed Asset	Any asset that hasn't been assessed within the metered billing term and is within the data retention period noted in the Tenable Master Agreement.
Terminated Asset	When an asset is terminated in a cloud platform, the cloud connector automatically flags it as "terminated". This soft deletion removes the asset's vulnerability data and frees its license seat after a nightly cleanup job.
Deleted Asset	Assets manually deleted via the UI or API are permanently removed and cannot be restored. These assets remain licensed until the end of the billing term; however, assets removed via the Asset Age Out feature are immediately deleted for hygiene, permanently removing both the asset and its vulnerability data. To optimize license usage, review the Tenable Vulnerability Management Scan Tuning Guide to align your licensed asset count with your assessment strategy.
License Size	The number of assets you've purchased that can be assessed or scanned. Tenable allows temporary elasticity to exceed the license, but for no more than 30 days before it's considered a violation of the license agreement.
Scan Target(s)	The Tenable Master Agreement defines scan targets as the targets or subjects of a scan. For the purposes of this policy, an asset is considered a scan target.

Elastic Licensing

On a temporary basis, you can exceed your contracted license size. However, you must true up when license counts continue to be exceeded.

The primary benefits of elastic asset licensing are:

Compensates for imperfect scan hygiene.
Allows for temporary asset increases from activities such as hardware refreshes or sudden environment growth.
Compensates for modern cloud environments and ephemeral assets that don't have traditional life spans.
Adapts to and reflects dynamic customer environments.

If your license size is exceeded for more than 30 days, review the Tenable Overage Process.