Edit an ACR Manually

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Moderate Product Offering.

Required Additional License: Tenable Lumin

Required User Role: Administrator

You can customize an asset's Asset Criticality Rating (ACR) value to reflect the unique infrastructure or needs of your organization. You can edit the ACR for a single asset independently or multiple assets simultaneously.

Tip: Changes to an ACR value (and recalculations for your AES and CES values) take effect within 24 hours.

Tip: For information about how Tenable Vulnerability Management prioritizes manually overridden ACR values, see Asset Criticality Rating (ACR).

Important: Edits to your Tenable Lumin ACR do not sync to any connected Tenable Security Center consoles.

Note: All Tenable Lumin data reflects all assets within the organization's Tenable Vulnerability Management instance.

To edit the ACR for a single asset:

  1. In the Tenable Vulnerability Management interface, do one of the following:

    Location Action
    Asset Details page
    1. Access the Asset Details page.
    2. Click an asset row.

      The Asset Details page appears.

    3. In the Asset Criticality Rating section, click the button.

      The Tenable Lumin Edit Asset Criticality Rating plane appears.

    Assets page
    1. Access the Assets page.

    2. In the assets table, roll over the asset you want to edit.
    3. Click the More button.
    4. Click the Edit ACR button.

      The Edit Asset Criticality Rating plane appears.

  2. Do one of the following:
    • To modify the ACR value, click or drag the Asset Criticality Rating slider to increase or decrease the ACR.
    • To reset an existing ACR value to the Tenable-provided ACR value, click Reset to Tenable ACR.
  3. (Optional) If you want to include a justification for your ACR change, in the Overwrite Reasoning section, select one or more reasons.

    For example, if an asset in your development lab environment received a Tenable-assigned ACR appropriate for a more public asset, you could select Dev Only as the overwrite reasoning.

  4. (Optional) If you want to include a note about your ACR change, in the Notes section, type a note.
  5. Click Save.

    Tenable Vulnerability Management saves the custom ACR.

To edit the ACR for multiple assets:

  1. In the Workspace menu, click Lumin.

    The Lumin dashboard appears.

  2. In the Cyber Exposure Score by Business Context/Tag widget, click the tag for which you want to view asset details.

    The Tenable Lumin Business Context/Tag Asset Details page appears, filtered by the tag you selected.

  3. Access the Assets page through the Asset Criticality Rating Breakdown widget, the Asset Scan Distribution widget, or the Asset Scan Frequency widget, as described in View Business Context/Tag Asset Details.

    The Assets page appears, filtered by your widget selection.

  4. In the table, select the check boxes next to the assets that you want to edit.

    The action bar appears at the bottom of the page.

  5. In the action bar, click the button.

    The Tenable Lumin Edit Asset Criticality Rating plane appears.

  6. Click and drag the Asset Criticality Rating slider to set the ACR.
  7. (Optional) If you want to include a justification for your ACR change, in the Overwrite Reasoning section, select one or more reasons.
  8. (Optional) If you want to include a note about your ACR change, in the Notes section, type a note.
  9. Click Save.

    Tenable Vulnerability Management saves the custom ACR for all selected assets.