PCI Compliance

Nessus Perimeter Service Wins Global Excellence Award for PCI Compliance

by Jeffrey Man
March 7, 2014

Tenable Network Security was recognized at the 10th Annual Info Security Industry’s Global Excellence Awards dinner held last week in San Francisco. Nessus® / Nessus Perimeter Service™ received a Global Excellence Award in the PCI Compliance Category. The Info Security Products Guide recognizes that over two-thirds of all PCI-Certified Approved Scanning Vendors (ASV) use Nessus, making Nessus the preferred vulnerability scanning solution for those companies that provide compliance validation services.

Tenable Launches “Straight Talk About PCI” Discussion Forum

by Jeffrey Man
December 19, 2013

Have you ever tried to navigate the PCI website and gotten lost and confused?

Are you part of the 99% of companies that must traverse the PCI Compliance landscape as part of the “Self-Assessment” or “do-it-yourself” crowd?

Have you been overwhelmed by vendor claims of “PCI made easy” or “PCI Compliance in 10 minutes” or “PCI in a Box”?

Does it bother you that the answers to your questions are often tied to the product/solution the vendor is selling?

What's Wrong with P2PE

by Jeffrey Man
October 31, 2013

The Payment Card Industry Security Standards Council announced, at the European Community Meeting in Nice, France, the first validated Point-to-Point Encryption (P2PE) solution. The P2PE application/solution validation programs were first introduced by the PCI SSC over two years ago, so while some might say “it’s about time a solution was validated,” it at least appears that the P2PE validation program is quite challenging and complex. European Payment Services (EPS), being the first company to have a solution listed, should be commended.

Nessus Perimeter Service with New Tenable PCI Scanning Service Available

by Paul Asadoorian
April 17, 2012

Tenable is pleased to announce availability of the Nessus Perimeter Service including the Tenable PCI Scanning Service. Customers can scan an unlimited number of Internet-facing IP addresses, as often as they like, and submit PCI scan results up to twice per calendar quarter for Tenable PCI Approved Scanning Vendor (ASV) validation, all for $3,600 a year.

The Nessus Perimeter Service offers:

  • One flat fee - Scan an unlimited number of Internet-facing IPs, as often as you like
  • Web application vulnerability detection
  • Up to two quarterly PCI scan submissions for Tenable PCI ASV validation
  • Anytime, anywhere access via web browser and Tenable Nessus App for iPhone, Android, and iPod touch
  • World-class expertise with the most-trusted knowledgebase in the industry and access to Tenable’s PCI-certified professionals

To learn more about Nessus Perimeter Service and the Tenable PCI Scanning Service you can view the video titled "Nessus Perimeter Service Usage: PCI ASV Validation and SecurityCenter Integration".

New PCI-DSS Scan Policy

Sony: Compliance Lessons Learned

by Paul Asadoorian
May 12, 2011

The Now "Infamous" Sony Hack

It was reported late last month that attackers had penetrated Sony's PSN (PlayStation Network) platform. It has been rumored that reverse engineering of the PlayStation firmware, coupled with vulnerabilities in Linux servers and unencrypted data traversing the network, led to the exposure of information belonging to over 77 million users, possibly including 2.2 million credit card numbers.

Sony reportedly may have lost so many credit card numbers that there is speculation it could devalue all stolen cards on the black market.

New Nessus Scan Policy Templates Added in the Plugin Feed

by Paul Asadoorian
April 7, 2011

We are pleased to announce that four new Nessus policy templates will be distributed to Nessus ProfessionalFeed and HomeFeed users via the Nessus plugins feed. This is the first time we've used "push" functionality to send down scan policy templates.

The four new Nessus scan policy templates will appear in the "Policies" tab once your Nessus installation has updated the plugins:

  • External Network Scan - This policy is tuned to scan externally facing hosts, which typically present fewer services to the network. The plugins associated with known web application vulnerabilities (CGI Abuses and CGI Abuses: XSS plugin families) are enabled in this policy. Also, all 65,535 ports are scanned on each target.

SSL Certificate Authority Auditing with Nessus

by Ron Gula
December 28, 2010

Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and with the advent of plugin # 51192, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.