Tenable Network Security was recently awarded Center for Internet Security (CIS) certification to perform audits of Windows 2003 Member Servers through Nessus Direct Feed and/or Security Center agent-less scans. Windows 2003 Member Servers are Windows 2003 operating systems which host applications or data and are part of a domain, but are not the actual domain controllers. Tenable has previously received certification to perform certified CIS audits of Windows 2003 Domain Controllers.
To obtain these policies, Security Center users should download these audit files and place them in their /opt/sc3/admin/nasl directory and then make them part of new or existing Vulnerability Polices. Nessus Direct Feed users should download these policies to the system they are operating the Nessus client from and add them to new or existing Nessus scan policies.
The polices are available for download from the Tenable Support Portal by clicking on the 'Downloads' button, and then the 'Download CIS Compliance Audit Policies' button. These policies are available alongside other CIS audit policies. Below is a screen shot of what the current download page looks like:
Tenable Network Security also offers CIS certified audit polices for these "best practice" guides:
- FreeBSD v1.0.5
- Level 1 RedHat EL v1.0.5
- Windows 2003 Domain Controllers
- Windows 2003 Member Servers
Many more CIS audit policies are in development. Tenable also offers audit content that has been generated from the NIST SCAP program, as well as content developed in-house based on guidelines from the Payment Card Industry (PCI), US CERT, Microsoft, NSA, the DISA STIG guide and customer feedback.