Manage Disputes

Required User Role: Administrator and Custom Role

In Tenable PCI ASV, you can manage your Disputes in the following ways:

Create a Dispute

Before you begin:

Create an Attestation for the scan.
(Optional) To remove certain assets from the Tenable PCI ASV review, mark each asset as out of scope.

To create a dispute:

Access the Tenable PCI ASV Workbench.
Click the In Remediation tab.

A table of your attestation requests appears.
Click the attestation that has a failure you want to dispute.

The Attestation Details page appears.
Click the Undisputed Failures tab.

A table of the undisputed failures for the attestation appears.
Do one of the following:
- To create a dispute for a single failure, roll over the row for the failure you want to dispute and click > Create Dispute.
- To create a dispute for multiple failures, select the check box next to each failure you want to dispute and click Create Dispute.
  Note: You can create a single dispute for multiple failures only if all the failures have the same plugin ID.
  Depending on the attestation, one of the following pages appears:
  - If the failure is associated with an asset that already has attestations with disputes, the Clone disputes page appears. You can either clone a dispute or create a new dispute.
    To clone a dispute:
    1. Click the attestation from which you want to clone the dispute.
      The Disputes to Clone plane appears and displays the disputes that will be cloned from the attestation.
    2. Click Clone.
      A Disputes successfully cloned message appears and Tenable PCI ASV clones the dispute into the attestation.
  - If there are no attestations to clone for a failure, the New Dispute page appears.
To create a new dispute, follow these steps on the New Dispute page:
1. In the Name box, type a name for the dispute.
  
  Note: By default, a concatenation of the IP address and plugin ID associated with the failure appears in the Name box.
2. (Optional) To assign the dispute to a different user, in the Owner drop-down box, select the user you to whom you want to assign the dispute.
3. In the Reason drop-down box, select the reason for the dispute. For details on each reason, see Dispute Reasons.
4. In the Explanation text box, type an explanation for the dispute.
  
  Note: You can click the plugin ID to get more information about the failure and use the information in your explanation.
5. (Optional) To add an external file as evidence to support your dispute, do the following:
  - In the Evidence section, click Add File.
    An explorer window appears.
  - Select the file you want to add to your dispute.
  Note: Tenable PCI ASV supports the following file types for evidence attachments:
  - .bmp
  - .csv
  - .db
  - .gif
  - .jpeg
  - .jpg
  - .json
  - .nessus
  - .pdf
  - .png
  - .txt
  When you upload a file as evidence, Tenable PCI ASV automatically saves the uploaded file to the dispute before you click Save or Cancel.
6. (Optional) To add more files to the dispute, repeat the previous step.
  
  Note: You can add as many files as you want to a dispute as long as the total file size does not exceed 10 GB.
7. Click Save.
  
  Tenable PCI ASV saves your dispute to the attestation.
  
  A Dispute Successfully Submitted notification momentarily appears.
  
  Your dispute appears in the Disputes tab.

What to do next:

(Optional) To change details of the dispute, edit the dispute.
(Optional) To remove the dispute from your attestation, delete the dispute.

Edit a Dispute

Note: You cannot edit a dispute after you submit the attestation for ASV review.

To edit a dispute:

Access the Tenable PCI ASV Workbench.
Click the In Remediation tab.

A table of your attestation requests appears.
Click the attestation that has a dispute you want to edit.

The Attestation Detail page appears.
Click the Disputes tab.

A table of your disputes appears.
Click the dispute you want to edit.

The Edit Dispute page appears.
Configure the options you want to change. For information about the available options, see Create a Dispute.
Click Save.

Tenable PCI ASV saves your edits to the dispute.

Clone a Dispute to an Attestation

You can clone a dispute from a previously submitted attestation for use in a new attestation.

Note: When you clone a dispute from an attestation, any other disputes attached to the same attestation are deleted.

Access the Tenable PCI ASV Workbench.
Click the In Remediation tab.

A table of your attestation requests appears.
Click the attestation that has a dispute you want to clone into a previously submitted attestation.

The Attestation Detail page appears.
Click the Undisputed Failures tab.

A table of the undisputed failures for the attestation appears.
In the upper-right corner, click Clone Disputes.

The Clone Disputes page appears.

Note: Only attestations that you previously submitted for ASV validation appear in the table.
Click the row that contains the attestation disputes you want to clone.

The Disputes to Clone panel appears and displays the disputes to be cloned.
Click Clone.
A Disputes successfully cloned message appears and Tenable PCI ASV clones the dispute to the appropriate attestation.

Delete a Dispute

Note: You cannot delete a dispute after you submit the attestation associated to the dispute for ASV review.

To delete a dispute:

Access the Tenable PCI ASV Workbench.
Click the In Remediation tab.

A table of your attestation requests appears.
Click the attestation that has a dispute you want to edit.

The Attestation Detail page appears.
Click the Disputes tab.

A table of your disputes appears.
Do one of the following:
- To delete one dispute:
  1. In the row for the dispute you want to delete, click the button.
    
    A menu appears.
  2. Click Delete.
- To delete multiple disputes:
  1. Select the check box next to each dispute you want to delete.
  2. In the action bar, click Delete.
Tenable PCI ASV deletes the dispute and removes it from the attestation.