Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070


Tenable Delivers Cybersecurity for U.S. Department of Defense

The Defense Information Systems Agency’s (DISA) selection of Tenable Network Security as the foundation of its Assured Compliance Assessment Solution (ACAS) cements Tenable’s standing as the undisputed leader in vulnerability management in the U.S. Federal government.

The award followed a multiple month trial of Tenable products, in conjunction with partner HP Enterprise Services, demonstrating the ability to exceed U.S. Department of Defense (DoD) requirements. Tenable’s technology is meeting the vulnerability, configuration, and real-time risk management requirements of one of the largest, most demanding government organizations in the world.

In Pursuit of Comprehensive, Enterprise-Class Vulnerability Management

DISA, confronted with a limited capability to quickly and accurately assess the network security of Department of Defense (DoD) enterprise networks, established ACAS to replace the Secure Configuration Compliance Validation Initiative (SCCVI) suite of software previously acquired by DoD. ACAS will fulfill a combination of operational and strategic objectives, including:

  • Provide an innovative technical solution with a flexible cost structure.
  • Employ a commercial solution that can be easily ordered and quickly deployed across the DoD infrastructure.
  • Support enterprise-wide deployment across the Department of Defense (DoD), with the ability to tier system evaluation and management throughout the organization.

Ultimately, DISA sought:

  • Fast and accurate enterprise-wide network security assessment; satisfying the goal of increasing the accuracy of risk assessment and standards compliance verification.
  • A highly scalable solution easy to deploy at all levels; from the Central Command to the warfighter on the front lines.
  • Real-time risk assessment across DoD networks to provide essential situational awareness, and enable true, risk-based management decisions consistent with existing and emerging federal guidelines for Continuous Monitoring.

The Tenable Solution (Tenable – Hewlett Packard Enterprise Services (HPES) Partnership)

Tenable and HPES established an exclusive partnership to offer DISA an integrated software solution that’s accurate, thorough, scalable, reliable, intuitive, and easy to use. It can be easily deployed via download to all DoD agencies – without the need to procure and install appliance devices. And no other tool can match Tenable’s unique tiering ability, which allows DISA to aggregate security data in one central location in support of its mission. This team united two key market leaders, which combined complementary skills and experience to offer a superior ACAS solution to DISA and to the rest of DoD.

HPES assessed several technical approaches and vulnerability tools in order to find the right solution/partner. This comprehensive assessment was driven by several key criteria, including knowledge and understanding of DoD enterprise networks, ability to meet Security Content Automation Protocol (SCAP) compliance and Common Criteria standards, implementation speed and flexibility, ability to meet ACAS requirements, operator ease of use, and ability to meet long-term DoD enterprise needs. Tenable chose HP Enterprise Services (HPES) because of their extensive DoD experience and the wide-ranging corporate reachback they provide as the industry’s largest technology company. HPES has one of the broadest portfolios of products, services, end-to-end solutions, and research and testing in the technology industry. HPES also has a long history in supporting Information Assurance (IA) / Computer Network Defense (CND) programs, and is able to draw upon the IA experience of nearly 2,000 certified professionals.

Unlike many security software solutions, Tenable built its licensing and deployment architecture with one goal in mind: to allow customers’ security monitoring strategies to be defined by their needs and not by license and cost restrictions. For DISA, that approach facilitates flexible scanner usage across the DoD infrastructure, enables an improved security posture, and enhances satisfaction of organizational requirements such as fault tolerance, ability to target operational scanning windows, and managerial reporting requirements.

The Solution

DISA’s selection of Tenable followed an extensive evaluation process culminating with a 6-month, multi-site pilot implementation. During this period, Tenable successfully demonstrated the ability to meet and exceed all of DISA’s requirements for a modern, enterprise-class configuration assessment and vulnerability management solution. Tenable’s integrated approach to proactive network defense for the DoD is designed to scale easily while maintaining cost effectiveness. It leverages several Tenable components, including:


Continuous asset-based security and compliance monitoring, unifying the processes of asset discovery, vulnerability detection, and configuration auditing. Delivers a central point for discovering assets, detecting vulnerabilities and data leaks, managing events, and conducting configuration and compliance audits.

SecurityCenter is the first agent-less scanning solution to be certified by FDCC and SCAP. The SecurityCenter console works with Nessus scanners to look for policy changes every time a scan is requested. This provides the ability to assess an organization’s vulnerability and compliance posture, as well as delivering analysis and workflow tools that allow the user to easily perform reporting, auditing, and remediation tasks.

SecurityCenter ties directly to DISA’s Information Assurance Vulnerability Management (IAVM) system. On receipt of a new or updated information Assurance Vulnerability Alert (IAVA), SecurityCenter immediately deploys a new policy to Nessus scanners. That capability eliminates sometimes time-consuming waits for new policies to be manually written, improving security. SecurityCenter also has a built-in reporting engine which already produces the common reports DISA needs – without advanced scripting. ACAS users quickly gain access to relevant data to efficiently create meaningful reports.

Nessus Vulnerability Scanner

A high-quality, full function scanner covers a breadth of vulnerability and configuration checks across a broad range of different workstation, server, and network devices. Tenable’s Nessus scanner supports an unprecedented 50,000 vulnerability checks, and covers more than 10,000 unique Common Vulnerabilities and Exposures (CVEs). The scanner is fast and accurate, giving clients the greatest possible visibility into the status of connected devic,Ed and systems. The popular Nessus scanner has been downloaded more than five million times.

Passive Vulnerability Scanner (PVS)

Traditional active scanning systems miss transient devices — like smartphones — as well as many cloud-based services, resulting in dangerous gaps in coverage and visibility. So sophisticated security professionals complement active scanning with passive scanning. Tenable’s passive vulnerability scanner (PVS) uniquely overcomes these limitations, effectively extending scanning visibility to resources that would otherwise be missed in assessments. PVS introduces real-time monitoring, identifying devices and systems, applications and services, and network connections and eliminating the restrictions and limitations of traditional, schedule-based scanning. The inclusion of passive vulnerability scanning provides a comprehensive solution for DISA.


Converts DISA distributed eXtensible Checklist Configurations Description Format (XCCDF) files into Tenable’s Extensible Markup Langauge (XML) format, allowing the files to be imported into SecurityCenter and customized. X-tool also imports and converts Open Vulnerability Assessment Language (OVAL) and DISA generated SCAP content vulnerability files for upload into SecurityCenter.


Visualization and graphical analysis of network and protocol maps, communication paths, and vulnerability maps.

The Tenable Advantage:

  • Flexibility – the option to deploy unlimited consoles and scanners allows DISA to build the optimal scanning strategy, reflecting environmental, architectural, and organization requirements.
  • Scalability – with the ability of individual SecurityCenter consoles to scan hundreds of thousands of IPs, scanning architectures are based on mission requirements, not technology constraints.
  • Accuracy – the comprehensive Nessus library of nearly 50,000 individual plugins helps eliminate missed events (i.e. false negatives), while the popularity of Nessus provides an immediate feedback loop and extra layer of quality assurance.
  • Easy to deploy, use, and maintain – Broad platform support for scanners, no relational database to maintain, and no agents to manage.
  • Continuous Monitoring – passive scanning capabilities, unique to Tenable, help DISA move from static, point in time assessments.
  • Experience – the combination of the world’s largest technology company with one of the most widely-used vulnerability scanners gives DISA a partner they can trust.

Tenable’s software-only approach means components are easily procured and deployed on industry standard architecture hardware, not proprietary appliances. This means DoD can expand and adapt their scanning architecture as required by operational demands, without the delays and costs associated with buying, shipping, and maintaining appliance inventory. Additionally, our solution can run on the government’s existing platform, minimizing disruptions during transition.


For DISA and its constituents, ACAS provides the evolution necessary to properly support today’s warfighter. Tenable’s solution delivers a holistic, highly automated, and accurate approach to real-time continuous monitoring. Combining active and passive scanning technologies within a fluid, flexible architecture, Tenable’s solution provides the sophistication and flexibility needed to satisfy the wide variety of security needs the Department of Defense must support.

Download Whitepaper

Try for Free Buy Now

Try Tenable.io


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.