Documentation

Description of Terms

Audit File

A file that is used to implement all, or some, of a benchmark. Many benchmarks have 1 or more audits to cover different configuration profiles or different targeted platforms.

Benchmark

A document from a compliance authority that dictates a configuration for a secure posture of a targeted platform. CIS Benchmark, DISA STIG.

Item

An implementation of a recommendation from a source authority benchmark.

Source Authority

An authority that provides prescriptive security guidance. Common authorities are CIS and DISA.

References

Regulatory, industry, and framework identifiers. Examples include NIST, PCI, and HIPAA

Version

A version of the guidance provided by the source authority.

Revision

A revision of the Tenable audit file.