I understand all the below. I'm looking to use Nessus for doing ASV (Authorized Scanning Vendor) scans instead of Qualys or other third party scanners. I am a direct feed customer, but I'm only doing external ASV scans and don't need the audit files. We have an in house custom app that parses the Nessus XML files for our reports. I have almost everything ready except mapping the nessus vulnerabilities to the five PCI security levels.
Do you know of an algorithm or conversion to do this manually? If we can figure out the conversion we can automate it ourselves.

----- Original Message ----
From: Ron Gula <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Monday, March 10, 2008 5:58:40 PM
Subject: Re: PCI Nessus Scan Summary

Larry Petty wrote:
> I know that Security Center has built in ability to do the following:
>
> "PCI Nessus Scan Summary (Nessus scan and credentialed checks) The PCI
> standard assigns vulnerability severity levels between 1 and 5 with 5 being
> the most severe. This template produces a report which maps all Nessus
> vulnerabilities into each of these severity levels."
>
> Is there a way to do this with Nessus only or some other utility?
>

Besides Security Center, there are a variety of commercial solutions that attempt to do this within their products. However, all product solutions only get you close to a real PCI audit. For that you need a commercial service to really qualify.

Also keep in mind there are different types of PCI requirements. If you need to do configuration auditing to look for settings, you might need to use the features available in the Direct Feed for example. On the other hand, patch auditing for remote scans isn't something that is specifically required.

I've blogged a few times on PCI at these links:

PCI Configuration Audits with Nessus
http://blog.tenablesecurity.com/2007/07/pci-configurati.html

Can I use Nessus to perform PCI audits?
http://blog.tenablesecurity.com/2007/07/can-i-use-nessu.html

IT Security Compliance Myths
http://blog.tenablesecurity.com/2006/10/it_security_com.html

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
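As an added illustration of the mapping step the custom parser is missing, here is example code that is not from this thread or from Tenable: it reads the Nessus v2 XML export layout (an assumed format for the report files) and buckets each finding into a 1 to 5 scale. The CVSS thresholds in LEVEL_THRESHOLDS are an assumption for demonstration, not a PCI-published algorithm, and the sample export and plugin IDs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# ASSUMED mapping (not from the thread, not a PCI-published rule):
# minimum CVSS base score -> PCI-style severity level 1..5.
LEVEL_THRESHOLDS = [(9.0, 5), (7.0, 4), (4.0, 3), (1.0, 2), (0.0, 1)]

# Constructed sample in the Nessus v2 export layout; pluginID values are
# placeholders and the host is a documentation-range address.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="constructed-sample">
  <ReportHost name="192.0.2.10">
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
     pluginID="PLACEHOLDER-1" pluginName="Constructed high finding" pluginFamily="Web Servers">
    <cvss_base_score>7.5</cvss_base_score>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
     pluginID="PLACEHOLDER-2" pluginName="Constructed info finding" pluginFamily="Service detection"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def cvss_to_level(score):
    # Highest threshold the score clears wins; anything below 1.0 is level 1.
    for floor, level in LEVEL_THRESHOLDS:
        if score >= floor:
            return level
    return 1

def parse_nessus_v2(xml_text):
    """Yield (host, port, pluginID, pluginName, level) for every ReportItem."""
    root = ET.fromstring(xml_text)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            score = item.findtext("cvss_base_score")
            if score:
                level = cvss_to_level(float(score))
            else:
                # No CVSS score (informational plugins): fall back on Nessus's
                # own 0..4 severity attribute, shifted onto the 1..5 scale.
                level = max(1, min(5, int(item.get("severity", "0")) + 1))
            yield (host.get("name"), item.get("port"),
                   item.get("pluginID"), item.get("pluginName"), level)

def summarize(xml_text):
    """Count findings per level, the shape a PCI-style summary table needs."""
    counts = {lvl: 0 for lvl in range(1, 6)}
    for finding in parse_nessus_v2(xml_text):
        counts[finding[-1]] += 1
    return counts
```

Whatever thresholds an ASV actually applies, the point for an in-house report is that the mapping lives in one table that can be changed and reviewed, with the fallback for unscored items made explicit so no finding silently disappears from the summary.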
