Create an Attestation

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required User Role: Administrator

After you submit a PCI ASV scan to the PCI ASV dashboard, you must create an attestation request draft.

Note: When you create an attestation request draft for a scan, you do not also submit the scan for ASV attestation. You must dispute all remaining failures and address all out of scope assets before you submit the attestation for ASV approval.

Caution: You cannot create an attestation for scans that are more than 90 days old.

To create an attestation request:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. Click PCI ASV.

    The PCI ASV page appears, displaying a scans table.

  3. In the scans table, in the New Scan Results tab, select the check box next to the scan or scans for which you want to create an attestation.

  4. In the action bar, click Start Attestation.

    The Attestation Detail page appears.

    Note: You cannot start an attestation for Web Application Scan unless you include a PCI Quarterly External scan as well. For more information on scans, see Tenable-Provided Nessus Scanner Templates.

  5. In the Name box, type the name of the attestation as you want it to appear on the attestation request.

    Note: Tenable recommends that you type a name you can easily identify. After you submit the attestation request, you cannot change the name on the attestation.

  6. (Optional) To assign the attestation to a different user, in the Owner drop-down box, select the user to whom you want to assign the attestation.
  7. Click Save.

    Tenable.io saves the attestation draft in the In Remediation tab of the PCI ASV table.

    Note: You can return to a saved, unsubmitted attestation and configure the options until you submit the attestation for review.

What to do next: