Compliance Configuration

The Compliance section allows you to add compliance checks (also known as audits) to your scan configuration. Compliance checks allow the scan to discover how the host is configured and whether it is compliant with various industry standards. You can use Tenable's preconfigured compliance checks, or you can create and upload custom audits.

As with credentialed scans, adding compliance checks allows the scan to yield more data, but doing so might also increase the overall scan time.

Most authority-based compliance checks (for example, baselines from CIS or DISA) do not significantly affect overall scan time. However, audits that enable File Content checking usually have a significant impact on scan time because they search the target file systems for the patterns noted in the audit.

For more information about scan compliance settings, see Compliance in Vulnerability Management Scans.

Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.