User Management
Tenable Security Center uses Organizations, Groups, and Roles to define user permissions.
Tenable recommends working with one organization as much as possible, unless you have specific requirements for managing your users. For example, if there are users located in different geographical locations, you may want to create one organization per location. This ensures proper data segmentation when users are attempting to access data or resources in Tenable Security Center. For more information, see Organizations.
Groups provide more granularity for user permissions. Tenable recommends using different Groups to provision permissions for objects to different users, based on the level of access that they require. For more information, see Groups.
Lastly, Tenable recommends using the eight system-provided roles as much as possible, without creating custom roles unless necessary. You may find it more efficient to use the system-provided roles as these roles cover most use cases. For more information, see Roles.
For TNS-authenticated users, Tenable recommends implementing the following for increased account security:
-
Enable the User Must Change Password option to ensure users change their password upon initial login.
-
Inform users to set their passwords with sufficient complexity — 9 to 12 characters with at least one uppercase letter, one lowercase character, one special character, and one number. This can be enforced using the Minimum Password Length and Password Complexity options.
-
Enable the Password Expiration option in line with your organization’s existing password expiration policy.
-
Enforce account disabling for inactive users using the Days Users Remain Enabled option.
-
Enforce account lockout for too many failed login attempts using the Maximum Login Attempts option.
For more information about these account security options, see TNS User Account Options and Security Settings in the Tenable Security Center documentation.