Edit an ACR Manually

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.

Required Additional License: Tenable One / Tenable Lumin

Required User Role: Administrator

You can customize an asset's Asset Criticality Rating (ACR) value to reflect the unique infrastructure or needs of your organization. You can only edit the ACR for a single asset.

Note: Changes to an ACR value (and recalculations for your AES and CES values) take effect within 24 hours.

Tip: For information about how Tenable Vulnerability Management prioritizes manually overridden ACR values, see Asset Criticality Rating (ACR).

Important: Edits to your Tenable Lumin ACR do not sync to any connected Tenable Security Center consoles.

Note: All Tenable Lumin data reflects all assets within the organization's Tenable Vulnerability Management instance.

To edit the ACR for a single asset:

  1. In the Tenable Vulnerability Management interface, do one of the following:

    Location Action
    Asset Details page
    1. Access the View Asset Details page.

    2. Click an asset row.

      The Asset Details page appears.

    3. In the Asset Criticality Rating section, click the button.

      The Tenable Lumin Edit Asset Criticality Rating plane appears.
    Assets page

    1. Access the Assets page.

    2. In the assets table, roll over the asset you want to edit.
    3. Click the More button.

    4. Click the Edit ACR button.

      The Edit Asset Criticality Rating plane appears.
  2. Do one of the following:
    • To modify the ACR value, click or drag the Asset Criticality Rating slider to increase or decrease the ACR.
    • To reset an existing ACR value to the Tenable-provided ACR value, click Reset to Tenable ACR.

  3. (Optional) If you want to include a justification for your ACR change, in the Overwrite Reasoning section, select one or more reasons.

    For example, if an asset in your development lab environment received a Tenable-assigned ACR appropriate for a more public asset, you could select Dev Only as the overwrite reasoning.

  4. (Optional) If you want to include a note about your ACR change, in the Notes section, type a note.

  5. Click Save.

    Tenable Vulnerability Management saves the custom ACR.