Create an Attestation

The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required User Role: Administrator

After you submit a Tenable PCI ASV scan to the Tenable PCI ASV dashboard, you must create an attestation request draft.

Note: When you create an attestation request draft for a scan, you do not also submit the scan for ASV attestation. You must dispute all remaining failures and address all out of scope assets before you submit the attestation for ASV approval.

Caution: You cannot create an attestation for scans that are more than 90 days old.

To create an attestation request:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. Click PCI ASV.

   The PCI ASV page appears, displaying a scans table.

3. In the scans table, in the New Scan Results tab, select the check box next to the scan or scans for which you want to create an attestation.

4. In the action bar, click Start Attestation.

   The Attestation Detail page appears.

   Note: You cannot start an attestation for Tenable Web App Scanning unless you include a PCI Quarterly External scan as well. For more information on scans, see Scan Templates.
   

   

5. In the Name box, type the name of the attestation as you want it to appear on the attestation request.

   Note: Tenable recommends that you type a name you can easily identify. After you submit the attestation request, you cannot change the name on the attestation.

6. (Optional) To assign the attestation to a different user, in the Owner drop-down box, select the user to whom you want to assign the attestation.

7. Click Save.

   Tenable Vulnerability Management saves the attestation draft in the In Remediation tab of the Tenable PCI ASV table.

   Note: You can return to a saved, unsubmitted attestation and configure the options until you submit the attestation for review.

What to do next:

• If the scan includes any assets that are irrelevant to the Tenable PCI ASV review, mark each irrelevant asset out of scope.
• If the new attestation displays any failures in the Undisputed Failures tab, create a dispute for each failure.