Compliance in Tenable Vulnerability Management Scans

Note: If a scan is based on a user-defined template, you cannot configure Compliance settings in the scan. You can only modify these settings in the related user-defined template.

Tenable Vulnerability Management can perform vulnerability scans of network services as well as log in to servers to discover any missing patches.

However, a lack of vulnerabilities does not mean the servers are configured correctly or are “compliant” with a particular standard.

You can use Tenable Vulnerability Management to perform vulnerability scans and compliance audits to obtain all of this data at one time. If you know how a server is configured, how it is patched, and what vulnerabilities are present, you can determine measures to mitigate risk.

At a higher level, if this information is aggregated for an entire network or asset class, security and risk can be analyzed globally. This allows auditors and network managers to spot trends in non-compliant systems and adjust controls to fix these on a larger scale.

When configuring a scan or policy, you can include one or more compliance checks, also known as audits. Each compliance check requires specific credentials.

Some compliance checks are preconfigured by Tenable, but you can also create and upload custom audits.

For more information on compliance checks and creating custom audits, see the Compliance Checks Reference.

Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.

Compliance Check              Required Credentials
Adtran AOS                    SSH
Alcatel TiMOS                 SSH
Amazon AWS                    Amazon AWS
Arista EOS                    SSH
ArubaOS                       SSH
Blue Coat ProxySG             SSH
Brocade FabricOS              SSH
Check Point GAiA              SSH
Cisco ACI                     SSH
Cisco Firepower               SSH
Cisco IOS                     SSH
Cisco Viptela                 SSH
Citrix Application Delivery   SSH
Database                      Database
Extreme ExtremeXOS            SSH
F5                            F5
FireEye                       SSH
Fortigate FortiOS             SSH
Generic SSH                   SSH
Google Cloud Platform         SSH
HP ProCurve                   SSH
Huawei VRP                    SSH
IBM DB2 DB                    Database
IBM iSeries                   IBM iSeries
Juniper Junos                 SSH
Microsoft Azure               Microsoft Azure
Mobile Device Manager         AirWatch or MobileIron
MongoDB                       MongoDB
Microsoft SQL Server DB       Database
MySQL DB                      Database
NetApp API                    NetApp API
NetApp Data ONTAP             SSH
OpenShift                     OpenShift Container Platform
OpenStack                     OpenStack
Oracle DB                     Database
Palo Alto Networks PAN-OS     PAN-OS
Rackspace                     Rackspace
RHEV                          RHEV
Salesforce.com                Salesforce SOAP API
SonicWALL SonicOS             SSH
Splunk                        Splunk API
Sybase DB                     Database
Unix                          SSH
Unix File Contents            SSH
VMware vCenter/vSphere        VMware ESX SOAP API or VMware vCenter SOAP API
WatchGuard                    SSH
Windows                       Windows
Windows File Contents         Windows
Zoom                          Zoom
ZTE ROSNG                     SSH