Edit an ACR Manually

The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required Additional License: Tenable Lumin

Required User Role: Administrator

You can customize an asset's Asset Criticality Rating (ACR) value to reflect the unique infrastructure or needs of your organization. You can edit the ACR for a single asset independently or multiple assets simultaneously.

Tip: Changes to an ACR value (and recalculations for your AES and CES values) take effect within 24 hours.

Tip: For information about how Tenable Vulnerability Management prioritizes manually overridden ACR values, see Asset Criticality Rating (ACR).

Note: All Tenable Lumin data reflects all assets within the organization's Tenable Vulnerability Management instance.

To edit the ACR for a single asset:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. Do one of the following:

    Location Action
    Asset Details page

    1. In the left navigation plane, in the Asset View section, click Assets.

      The Assets page appears.

    2. Click an asset row.

      The Asset Details page appears.

    3. In the Asset Criticality Rating section, click the button.

      The Tenable Lumin Edit Asset Criticality Rating plane appears.
    Assets page

    1. In the left navigation plane, in the Asset View section, click Assets.

      The Assets page appears.

    2. In the assets table, roll over the asset you want to edit.
    3. Click the More button.

    4. Click the Edit ACR button.

      The Edit Asset Criticality Rating plane appears.
  3. Do one of the following:
    • To modify the ACR value, click or drag the Asset Criticality Rating slider to increase or decrease the ACR.
    • To reset an existing ACR value to the Tenable-provided ACR value, click Reset to Tenable ACR.

  4. (Optional) If you want to include a justification for your ACR change, in the Overwrite Reasoning section, select one or more reasons.

    For example, if an asset in your development lab environment received a Tenable-assigned ACR appropriate for a more public asset, you could select Dev Only as the overwrite reasoning.

  5. (Optional) If you want to include a note about your ACR change, in the Notes section, type a note.

  6. Click Save.

    Tenable Vulnerability Management saves the custom ACR.

To edit the ACR for multiple assets:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Lumin.

    The Lumin dashboard appears.

  3. In the Cyber Exposure Score by Business Context/Tag widget, click the tag for which you want to view asset details.

    The Tenable Lumin Business Context/Tag Asset Details page appears, filtered by the tag you selected.

  4. Access the Assets page through the Asset Criticality Rating Breakdown widget, the Asset Scan Distribution widget, or the Asset Scan Frequency widget, as described in View Business Context/Tag Asset Details.

    The Assets page appears, filtered by your widget selection.

  5. In the table, select the check boxes next to the assets that you want to edit.

    The action bar appears at the bottom of the page.

  6. In the action bar, click the button.

    The Tenable Lumin Edit Asset Criticality Rating plane appears.

  7. Click and drag the Asset Criticality Rating slider to set the ACR.
  8. (Optional) If you want to include a justification for your ACR change, in the Overwrite Reasoning section, select one or more reasons.
  9. (Optional) If you want to include a note about your ACR change, in the Notes section, type a note.

  10. Click Save.

    Tenable Vulnerability Management saves the custom ACR for all selected assets.