I understand all the below. I'm looking to use Nessus for doing ASV (Authorized 
Scanning Vendor) scans instead of Qualys or other third-party scanners. I am a 
Direct Feed customer, but I'm only doing external ASV scans and don't need the 
audit files. We have an in-house custom app that parses the Nessus XML files 
for our reports. I have almost everything ready except mapping the Nessus 
vulnerabilities to the five PCI security levels.

Do you know of an algorithm or conversion to do this manually? If we can figure 
out the conversion we can automate it ourselves.

----- Original Message ----
From: Ron Gula <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Monday, March 10, 2008 5:58:40 PM
Subject: Re: PCI Nessus Scan Summary

Larry Petty wrote:
> I know that Security Center has built in ability to do the following:
> 
> "PCI Nessus Scan Summary (Nessus scan and credentialed checks) The PCI 
> standard assigns vulnerability severity levels between 1 and 5 with 5 being 
> the most severe. This template produces a report which maps all Nessus 
> vulnerabilities into each of these severity levels."
> 
> Is there a way to do this with Nessus only or some other utility?
> 

Besides Security Center, there are a variety of commercial solutions
that attempt to do this within their products. However, all product
solutions only get you close to a real PCI audit. For that you need
a commercial service to really qualify.

Also keep in mind there are different types of PCI requirements. If
you need to do configuration auditing to look for settings, you might
need to use the features available in the Direct Feed for example.
On the other hand, patch auditing for remote scans isn't something
that is specifically required.

I've blogged a few times on PCI at these links:

PCI Configuration Audits with Nessus
http://blog.tenablesecurity.com/2007/07/pci-configurati.html

Can I use Nessus to perform PCI audits?
http://blog.tenablesecurity.com/2007/07/can-i-use-nessu.html

IT Security Compliance Myths
http://blog.tenablesecurity.com/2006/10/it_security_com.html

Ron Gula
Tenable Network Security




_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
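The conversion asked about at the top of this thread, as an added example that is not code from the thread, from Tenable, or from the poster's in-house app: it parses the Nessus v2 XML export (an assumption; the thread does not say which export version the app reads), takes each ReportItem's cvss_base_score, and buckets it into a level from 1 to 5. The threshold table PCI_LEVEL_BANDS is a placeholder and must be replaced with the CVSS thresholds your ASV program guide prescribes; the sample XML is constructed for the demo. Findings with no CVSS score (typically informational plugins) are deliberately left unmapped rather than silently assigned a level, so the reporting app can decide how to treat them.

```python
"""Map Nessus (.nessus v2) findings onto a 1-5 PCI severity scale by CVSS base score."""
import xml.etree.ElementTree as ET

# Placeholder band table (assumption, not taken from the PCI ASV Program Guide
# or from Tenable): (lower bound inclusive, PCI level), highest first.
# Replace these bounds with the ones your ASV guide / QSA prescribes.
PCI_LEVEL_BANDS = [
    (9.0, 5),
    (7.0, 4),
    (4.0, 3),
    (2.0, 2),
    (0.0, 1),
]

# Constructed sample of a Nessus v2 export: one host, four ReportItems.
SAMPLE_NESSUS_XML = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="external-asv">
    <ReportHost name="203.0.113.10">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="4"
                  pluginID="100001" pluginName="Example remote code execution">
        <cvss_base_score>10.0</cvss_base_score>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
                  pluginID="100002" pluginName="Example weak TLS configuration">
        <cvss_base_score>5.0</cvss_base_score>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
                  pluginID="100003" pluginName="Example version disclosure">
        <cvss_base_score>2.6</cvss_base_score>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100004" pluginName="Example informational plugin">
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def cvss_to_pci_level(score, bands=PCI_LEVEL_BANDS):
    """Return the PCI level for a CVSS base score, or None if it falls outside every band."""
    for lower, level in bands:
        if score >= lower:
            return level
    return None


def parse_findings(xml_text):
    """Flatten every ReportItem of a Nessus v2 export into a list of dicts."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            cvss_el = item.find("cvss_base_score")
            cvss = float(cvss_el.text) if cvss_el is not None and cvss_el.text else None
            findings.append({
                "host": host.get("name"),
                "port": item.get("port"),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "nessus_severity": int(item.get("severity", "0")),
                "cvss": cvss,
            })
    return findings


def assign_pci_levels(findings, bands=PCI_LEVEL_BANDS):
    """Attach a pci_level to each finding; findings without a CVSS score stay None."""
    for f in findings:
        f["pci_level"] = cvss_to_pci_level(f["cvss"], bands) if f["cvss"] is not None else None
    return findings


def summarize(findings):
    """Count findings per PCI level, plus how many could not be mapped."""
    counts = {level: 0 for level in (1, 2, 3, 4, 5)}
    unmapped = 0
    for f in findings:
        if f["pci_level"] is None:
            unmapped += 1
        else:
            counts[f["pci_level"]] += 1
    return counts, unmapped


if __name__ == "__main__":
    results = assign_pci_levels(parse_findings(SAMPLE_NESSUS_XML))
    for f in results:
        print(f"{f['host']}:{f['port']} plugin {f['plugin_id']} "
              f"cvss={f['cvss']} -> PCI level {f['pci_level']}")
    print(summarize(results))
```

The unmapped count is worth reporting separately: an informational plugin with no CVSS score should not inflate the level-1 column, and a scored finding that still comes back None means the band table has a gap that needs fixing before the report goes out.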