This script is Copyright (C) 2012 Tenable Network Security, Inc.
Notes the proper handling of false positives in PCI DSS scans.
Note that per PCI Security Standards Council (PCI SSC) standards, if
the version of the remote software is known to contain flaws, a
vulnerability scanner must report it as vulnerable, even in cases
where a workaround or mitigating configuration option is in place.
By PCI SSC design, this will result in the scanner issuing false
positives.
It is recommended that any workarounds and mitigating configurations
that are in place be documented, including technical details, so that
they can be presented to a third-party PCI auditor during an audit.
Risk factor :
Family: Policy Compliance
Nessus Plugin ID: 60020