Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Compliance Summary Report

by Cody Dumont
February 27, 2014

Organizations today are often required to be compliant with more than one standard or framework. Tenable.sc provides an understandable and easy to deploy mechanism that reports on several compliance standards at one time. This report provides a summary view of all supported compliance standards and frameworks.

This report provides a summary view of all supported compliance standards and frameworks. Each of the standards have been grouped into 5 categories, which allows each organization to select the standards and categories that apply to their own business requirements. Each category is represented in a separate chapter (as shown below in the chapter descriptions) with separate sections for each compliance standard. 

Tenable.sc is preconfigured with over 500 audit files, many of which are developed to support the Center for Internet Security (CIS) Benchmarks. Each benchmark is then compared against all the supported standards and the cross-reference field is mapped accordingly. Using the CIS Benchmark audit files ensures all supported standards are checked. This cross-reference feature allows customers to run a single scan and audit the system configurations against Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPPA), International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC) (ISO/IEC) 27000, and many others. 

CIS Benchmark files are created for common operating systems and some critical business applications such as SQL servers. Therefore, when attempting to perform compliance scanning, organizations should select the CIS benchmark that is closely related to the operating system used by the audit file. Scans with audit files require admin credentials to verify the configuration settings. To save even more time, organizations can add audit files to their vulnerability scans, as the audit files are smart enough to only be executed on the supported operating systems. For example, Windows 7 audit files are not run on Windows 2008 server. This functionality brought together in a single report enables compliance managers to easily understand cross compliance requirements and report as required. 

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The report requirements are:

  • Tenable.sc 5.2.0
  • Nessus 8.5.1

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable.sc Continuous View (Tenable.sc CV) measures compliance in real-time without human intervention, allowing the organization to identify gaps and lapses are detected and prioritized immediately. With more supported technologies than any other vendor including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure, Tenable.sc CV provides the best solution for managing compliance with regulations. Tenable provides peace of mind to customers, because Tenable.sc CV detects security and compliance issues before our competitors.

Chapters

Executive Summary: This chapter provides executive teams with a high level view of compliance status across multiple supported standards. All compliance checks are shown in a collective matrix, followed by trend analysis. 

National Institute of Standards and Technology (NIST): This chapter provides compliance data on publications maintained by the National Institute of Standards and Technology (NIST). Organizations can use this information to understand how their systems are compliant with government standards and configuration catalogs, such as NIST 800-53 and CSF. All standards covered in this chapter use the NIST 800-53 catalogs to help establish a framework to assist in verification of best practices throughout the network. Each section provides data focused on a specific standard and offers host and configuration tables.

Industry Compliance Standards: This chapter provides compliance information for many of the industry standards such as Control Objectives for Information and Related Technologies (COBIT), Critical Security Controls (CSC), North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), and Payment Card Industry Data Security Standard (PCI-DSS). While also providing some data on governance standards such Bundesamt für Sicherheit in der Informationstechnik (BSI) IT-Grundschutz Methodology and Health Insurance Portability and Accountability Act (HIPAA). Many of these frameworks were developed by the industry to avoid government-imposed regulation, such as PCI, while others were created by the industry after legislation was passed, such as HIPAA. Regardless of the initial development cause this standards are designed to work in a specific environment such as commerce or health care. Each section provides a focused data on a specific standard, and offers a host and configuration tables.

DoD (STIG) Audit Checks: This chapter covers the DoD required Security Technical Implementation Guide (STIG). The chapter is broken down into 3 sections, one reporting using the Department of Defense Instruction (DoDI) 8500.2 Information Assurance (IA) Implementation, followed by the CAT vulnerability ratings, and the other using ID labels found in the SCAP files. These audit results are mostly useful to DoD organizations or companies that must maintain compliance with DoD standards. 

Vendor: This chapter provides focus into compliance standards that are established by vendors. The two sections are SWIFT and VMWARE. Over time, as more vendor compliance standards are supported, additional sections will be added to this chapter. The data in this chapter is only useful to those organizations, which deploy the respective vendors solutions.

International: This chapter provides focus into compliance standards that are established by International organizations or governments. The four sections cover IT-Grundschutz BSI-100-2, China Level 3 (CN-L3) Security Controls, ISO/IEC-27001, and the Taiwan Bankers Association (TBA). Each of these sections provide a summary matrix followed by more detailed tables of affected hosts and compliance settings.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training