Larry Petty wrote:
> I know that Security Center has built in ability to do the following:
>
> "PCI Nessus Scan Summary (Nessus scan and credentialed checks) The PCI
> standard assigns vulnerability severity levels between 1 and 5 with 5 being
> the most severe. This template produces a report which maps all Nessus
> vulnerabilities into each of these severity levels."
>
> Is there a way to do this with Nessus only or some other utility?
>
Besides Security Center, there are a variety of commercial solutions that
attempt to do this within their products. However, all product solutions
only get you close to a real PCI audit. For that you need a commercial
service to really qualify.

Also keep in mind there are different types of PCI requirements. If you
need to do configuration auditing to look for settings, you might need
to use the features available in the Direct Feed, for example. On the other
hand, patch auditing for remote scans isn't something that is specifically
required.

I've blogged a few times on PCI at these links:

PCI Configuration Audits with Nessus
http://blog.tenablesecurity.com/2007/07/pci-configurati.html

Can I use Nessus to perform PCI audits?
http://blog.tenablesecurity.com/2007/07/can-i-use-nessu.html

IT Security Compliance Myths
http://blog.tenablesecurity.com/2006/10/it_security_com.html

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
