Trust and Assurance Keeping your data secure is our top priority.
Security is core to our corporate ethos. Our products are designed to protect the confidentiality, integrity and availability of all customer data.Get the Data Sheet
Trust Tenable with Your Data Security and Privacy
Our products protect your privacy and give you control over your data. Built on a safe, secure and compliant cloud, thousands of customers trust Tenable with their vulnerability data.
Tenable is committed to protecting the confidentiality, integrity and availability of all customer data. Tenable.io data is encrypted in transit and stored using modern ciphers and methods recommended by security industry and standards organizations. Multiple network controls, access controls and container isolation ensure that security is built into every aspect of our products to protect your data.
Tenable.io data is encrypted in transit and storage using TLS Encryption ciphers and AES-256. Encryption is applied to various application infrastructure layers with highly restricted access to securely stored encryption keys.
Tenable uses many mechanisms to help customers control data access, including account lockout after 5 failed login attempts, SAML and two-factor authentication. Access can also be controlled via API keys.
The Tenable cloud platform is built on isolated, private networks and uses multiple network controls such as container isolation, inbound/internal traffic restrictions, monitoring of traffic rates, sources and types at multiple network points.
Regular Security Assessments
Tenable performs frequent vulnerability, docker container and web applications scans in addition to leveraging the Tenable Research team and third parties to conduct periodic security assessments.
One of our top priorities is ensuring only customers can access their data and preventing any noncustomers or bad actors from accessing, disclosing or violating the privacy and protection of data stored in the Tenable cloud platform. PII data is anonymized via a one way salted hash using SHA-256. Further, using multiple data access controls and data localization our products are built to protect your data and help you meet privacy obligations.
The Tenable cloud does not collect scan or PII data. Any potentially identifying customer data is anonymized before ingestion via a one-way salted hash using SHA-256.
Tenable uses a number of data access controls including account lockout, two-factor authentication and SAML. Access to anonymized data is restricted to the Tenable Research team only, and is controlled through a central directory system.
Collection and processing of customer scan data occurs within a customers geographic region. Results are anonymized and only then are aggregated with similar data in our analytics platform.
Certifications and Assurance
With multiple certifications including ISO 27001, NIAP and Privacy Shield Framework, Tenable products help you navigate your compliance and ensure powerful security assurance in the cloud. Tenable is also a member of the CSA STAR program.
Tenable.io and Tenable.io Web App Scanning (WAS) received FedRAMP Authorization to Operate (ATO) in 2021, demonstrating our commitment to cloud security and compliance.
Cloud Security Alliance (CSA) STAR
Tenable is a member of the CSA STAR program. CSA STAR is the industry's most powerful program for security assurance in the cloud. To view the security controls for Tenable.io, visit the CSA website.
Privacy Shield Framework
Tenable is Privacy Shield Framework certified and complies with all data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Tenable’s ISO/IEC 27001:2013 certification covers the ISMS supporting Tenable’s legal areas, human resources, information technology, software development, executive leadership, and customer support functions. Details are publicly available in the Schellman Certificate Directory.
National Information Assurance Program
Tenable has NIAP certifications for Tenable.sc, Nessus Manager, Log Correlation Engine (LCE), Nessus Network Monitor and Nessus Agent products.
Tenable has the industry’s first uptime guarantee of 99.95% to ensure your service is always on. Tenable implements and enforces measures to ensure that Tenable services are highly available, guarded against attacks or simple faults and outages and always useable for our customers.
Tenable has an uptime guarantee of 99.95% through a robust SLA, with service credits offered if the SLA is not met.
Tenables uses the AWS platform and other leading technologies to ensure high availability for customers. Using fault tolerant and redundant components, Tenable ensures customers get the best possible service with minimal downtime.
Secure Software Development
Tenable has a dedicated team to drive the Secure Software Development Lifecycle (SSDLC). Leveraging automated security testing they identify potential vulnerabilities within source code, dependencies, and underlying infrastructure to ensure we ship secure, high quality products at pace.
Tenable’s SSDLC team ensures adherence to security controls in our processes and uses automated Security Testing to identify potential vulnerabilities. All tests must meet a strict scoring criteria before products are released to our customers.
Static Application Security Testing (SAST)
Tenable analyzes the application source code for bugs, tech-debt and vulnerabilities to ensure security and quality of our products.
Dependency and Third-Party Library Scanning
Tenable analyzes project dependencies to determine vulnerabilities and licensing issues.
Dynamic Application Security Testing (DAST)
Tenable regularly runs automated web application scans against our products to discover bugs, exploits and vulnerabilities early in the development process.
Vulnerability assessments are performed on all container images to detect any vulnerable software running on a given container. Strict scoring requirements prevent the shipment of vulnerable containers until all issues have been resolved.
Code Standards and Role-Based Access Control
Tenable's baseline source code control standards align to Certification requirements and industry best practices. Standards include: peer code reviews, role-based access control, least privilege, code and repository ownership, segregation of duties, and more.
As a leading provider of vulnerability management solutions, Tenable leverages its platforms to perform internal scans and analyze vulnerabilities on laptops, infrastructure and cloud environments.