Trust and Assurance

Keeping your data secure is our top priority.

Security is core to our corporate ethos. Our products are designed to protect the confidentiality, integrity and availability of all of your data.

Trust Tenable with Your Data Security and Privacy

Our products protect your privacy and give you control over your data. Built on a safe, secure and compliant cloud, thousands of customers trust Tenable with their vulnerability data.

Data Security

Tenable is committed to protecting the confidentiality, integrity and availability of all of your data. Tenable.io data is encrypted in transit and stored using modern ciphers and methods recommended by the security industry and standards organizations. Multiple network controls, access controls and container isolation ensure that security is built into every aspect of our products to protect your data.

Tenable.io data is encrypted in transit and in storage using TLS ciphers and AES-256. Encryption is applied to various application infrastructure layers with highly restricted access to securely stored encryption keys.

Access Controls

Tenable uses many mechanisms to help you control data access, including account lockout after 5 failed login attempts, SAML and two-factor authentication. Access can also be controlled via API keys.

Network Controls

The Tenable cloud platform is built on isolated, private networks and uses multiple network controls such as container isolation, inbound/internal traffic restrictions, and monitoring of traffic rates, sources and types at multiple network points.

Regular Security Assessments

Tenable performs frequent vulnerability, Docker container and web application scans, in addition to leveraging the Tenable Research team and third parties to conduct periodic security assessments.

Data Privacy

One of our top priorities is ensuring only you can access your data and preventing any non-customers or bad actors from accessing, disclosing or violating the privacy and protection of data stored in the Tenable cloud platform. PII data is anonymized via a one-way salted hash using SHA-256. Further, using multiple data access controls and data localization, our products are built to protect your data and help you meet privacy obligations.

Data Anonymization

The Tenable cloud does not collect scan or PII data. Any potentially identifying customer data is anonymized before ingestion via a one-way salted hash using SHA-256.

Data Access

Tenable uses a number of data access controls including account lockout, two-factor authentication and SAML. Access to anonymized data is restricted to the Tenable Research team only, and is controlled through a central directory system.

Data Localization

Collection and processing of customer scan data occurs within a customer's geographic region. Results are anonymized and only then are aggregated with similar data in our analytics platform.

Certifications and Assurance

With multiple certifications including ISO 27001, NIAP and Privacy Shield Framework, Tenable products help you navigate your compliance and ensure powerful security assurance in the cloud. Tenable is also a member of the CSA STAR program.

Tenable.io and Tenable.io Web App Scanning (WAS) received FedRAMP Authorization to Operate (ATO) in 2021, demonstrating our commitment to cloud security and compliance.

Cloud Security Alliance (CSA) STAR

Tenable is a member of the CSA STAR program. CSA STAR is the industry's most powerful program for security assurance in the cloud. To view the security controls for Tenable.io, visit the CSA website.

Privacy Shield Framework

Tenable is Privacy Shield Framework certified and complies with all data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

ISO 27001

Tenable’s ISO/IEC 27001:2013 certification covers the ISMS supporting Tenable’s legal areas, human resources, information technology, software development, executive leadership, and customer support functions. Details are publicly available in the Schellman Certificate Directory.

National Information Assurance Program

Tenable has NIAP certifications for Tenable.sc, Nessus Manager, Log Correlation Engine (LCE), Nessus Network Monitor and Nessus Agent products.

Service Availability

Tenable has the industry’s first uptime guarantee of 99.95% to ensure your service is always on. Tenable implements and enforces measures to ensure that Tenable services are highly available, guarded against attacks or simple faults and outages and always usable.

Guaranteed Uptime

Tenable has an uptime guarantee of 99.95% through a robust SLA, with service credits offered if the SLA is not met.

High Availability

Tenable uses the AWS platform and other leading technologies to ensure high availability. Using fault-tolerant and redundant components, Tenable ensures you get the best possible service with minimal downtime.

Secure Software Development

Tenable has a dedicated team to drive the Secure Software Development Lifecycle (SSDLC). Leveraging automated security testing, they identify potential vulnerabilities within source code, dependencies, and underlying infrastructure to ensure we ship secure, high-quality products at pace.

Tenable’s SSDLC team ensures adherence to security controls in our processes and uses automated security testing to identify potential vulnerabilities. All tests must meet strict scoring criteria before products are released.

Static Application Security Testing (SAST)

Tenable analyzes the application source code for bugs, tech-debt and vulnerabilities to ensure security and quality of our products.

Dependency and Third-Party Library Scanning

Tenable analyzes project dependencies to determine vulnerabilities and licensing issues.

Dynamic Application Security Testing (DAST)

Tenable regularly runs automated web application scans against our products to discover bugs, exploits and vulnerabilities early in the development process.

Container Security

Vulnerability assessments are performed on all container images to detect any vulnerable software running on a given container. Strict scoring requirements prevent the shipment of vulnerable containers until all issues have been resolved.

Code Standards and Role-Based Access Control

Tenable's baseline source code control standards align to certification requirements and industry best practices. Standards include peer code reviews, role-based access control, least privilege, code and repository ownership, segregation of duties and more.

Vulnerability Management

As a leading provider of vulnerability management solutions, Tenable leverages its platforms to perform internal scans and analyze vulnerabilities on laptops, infrastructure and cloud environments.


How does Tenable protect my data?
Which customer data does Tenable.io manage?
Which customer asset and vulnerability data does Tenable.io manage?
Does Tenable analyze or use customer data?
Can customers opt out of health and status data collection?
Which usage data does Tenable.io collect?
Can users opt out of usage data collection?
Where is customer data stored?
Can a customer force data to remain in a specific location/country?
How is customer data protected within Tenable.io?
How does Tenable perform secure development?
Which customer application security is available?
How is data encrypted?
Can customers upload their own keys?
Has Tenable achieved any privacy or security certifications, such as Privacy Shield or CSA STAR?
How does Tenable protect Personally Identifiable Information (PII)?
Is customer data separated?
Which security controls protect Tenable.io?
How are Tenable.io sensors secured?
How is Tenable.io availability managed?
Where is data replicated?
Which disaster recovery capabilities are in place?
Who can access customer data?
How are user roles and permissions managed?
Can Tenable staff access customer data?
Who can use the impersonate function?
Does the data leave the country when Tenable is troubleshooting a technical issue?
Will Tenable support staff have access to a customer’s internal network?
What is the Tenable.io Data Retention Policy?
How long is active scan data retained?
If a customer discontinues the Tenable.io service, how long is data retained?
How long is PCI-related data retained?
How long is Tenable.io usage data retained?
Does Tenable.io have Common Criteria certification?

"We do in-depth research on everything. Tenable came out as the clear choice." Matt Ramberg, Vice President of Information Security, Sanmina