Create a Dispute

Required User Role: Administrator and Custom Role

When you run a Tenable PCI ASV scan and the scan detects failures, you must dispute the failures before you can submit the associated attestation for ASV review.

Before you begin:

• Create an Attestation for the scan.
• (Optional) To remove certain assets from the Tenable PCI ASV review, mark each asset as out of scope.

To create a dispute:

1. Access the Tenable PCI ASV Workbench.

2. Click the In Remediation tab.

   A table of your attestation requests appears.

3. Click the attestation that has a failure you want to dispute.

   The Attestation Details page appears.

4. Click the Undisputed Failures tab.

   A table of the undisputed failures for the attestation appears.

   

5. Do one of the following:

   • To create a dispute for a single failure, roll over the row for the failure you want to dispute and click > Create Dispute.

   • To create a dispute for multiple failures, select the check box next to each failure you want to dispute and click Create Dispute.
     Note: You can create a single dispute for multiple failures only if all the failures have the same plugin ID.

     Depending on the attestation, one of the following pages appears:

     • If the failure is associated with an asset that already has attestations with disputes, the Clone disputes page appears. You can either clone a dispute or create a new dispute.

       

       To clone a dispute:

       1. Click the attestation from which you want to clone the dispute.

          The Disputes to Clone plane appears and displays the disputes that will be cloned from the attestation.

       2. Click Clone.

          A Disputes successfully cloned message appears and Tenable PCI ASV clones the dispute into the attestation.

     • If there are no attestations to clone for a failure, the New Dispute page appears.

       

6. To create a new dispute, follow these steps on the New Dispute page:

   1. In the Name box, type a name for the dispute.

      Note: By default, a concatenation of the IP address and plugin ID associated with the failure appears in the Name box.

   2. (Optional) To assign the dispute to a different user, in the Owner drop-down box, select the user you to whom you want to assign the dispute.
   3. In the Reason drop-down box, select the reason for the dispute. For details on each reason, see Dispute Reasons.

   4. In the Explanation text box, type an explanation for the dispute.

      Note: You can click the plugin ID to get more information about the failure and use the information in your explanation.

   5. (Optional) To add an external file as evidence to support your dispute, do the following:

      • In the Evidence section, click Add File.

        An explorer window appears.

      • Select the file you want to add to your dispute.

      Note: Tenable PCI ASV supports the following file types for evidence attachments:

      • .bmp
      • .csv
      • .db
      • .gif
      • .jpeg
      • .jpg
      • .json
      • .nessus
      • .pdf
      • .png
      • .txt

      When you upload a file as evidence, Tenable PCI ASV automatically saves the uploaded file to the dispute before you click Save or Cancel.

   6. (Optional) To add more files to the dispute, repeat the previous step.

      Note: You can add as many files as you want to a dispute as long as the total file size does not exceed 10 GB.

   7. Click Save.

      Tenable PCI ASV saves your dispute to the attestation.

      A Dispute Successfully Submitted notification momentarily appears.

      Your dispute appears in the Disputes tab.

What to do next:

• (Optional) To change details of the dispute, edit the dispute.
• (Optional) To remove the dispute from your attestation, delete the dispute.