That's what I thought, until I read this document: https://www.pcisecuritystandards.org/pdfs/pci_dss_technical_and_operational_requirements_for_approved_scanning_vendors_ASVs_v1-1.pdf
Check out the changes on page 4-11. How do you interpret this? Larry, I'm not sure if I'm allowed to provide tips on how/what to scan - to be safe I won't. I can tell you however that there are 5 levels of risk ratings in the PCI/DSS standards, where as Nessus has but three (four if you count INFO). I would recommend some extensive reading of the www.pcisecuritystandards.org PCI/DSS document itself, along with ALL of the support documents. Here's the link to the file that has the actual risk ratings for PCI standards. You will need to come up with a system (internal to your company) to map the nessus ratings to these. https://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdf The test is not trivial. -- _______________________________________________________________________ Nathan Grandbois, CISSP [EMAIL PROTECTED] Security Analyst (614) 351-1237 x 212 PGP Key Available by Request MicroSolved is security expertise you can trust! HoneyPoint Security Server Attackers get stung, instead of you! http://www.microsolved.com/honeypoint __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
