Hi, Thank you for your reply. You are so helpful.
How about ISO27001/27002? Is OpenVAS scanning result and report accepted by ISO auditor (internal/external scan)? Or is it similar to PCI DSS that depends on vendors or solutions instead of software itself? Again, thank you very much for your time on answering me. Wish God bless you! :) Best Regards, Oscar From: [email protected] [mailto:[email protected]] On Behalf Of Eero Volotinen Sent: Monday, January 23, 2017 6:25 PM To: Oscar Kwan Cc: [email protected] Subject: Re: [Openvas-discuss] Enquiry for OpenVAS Compliance Hi, OpenVAS can fullfill PCI DSS requirements for internal scanning *). For external scanning ASV certified solution is required **). It's not about software, it's about certification and verified solution. Any other questions? *) note: pci dss: 11.2.3.c Validate that the scan was performed by a qualified internal resource(s) or qualified external third party and if applicable, organizational independence of the tester exists (not required to be a QSA or ASV) **) https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors -- Eero -- Eero 2017-01-23 11:55 GMT+02:00 Oscar Kwan <[email protected]<mailto:[email protected]>>: Dear all May I know which compliances OpenVAS is able to fulfill for vulnerability scanning (e.g. PCI DSS, ISO27001/27002 etc.)? Our company would like to switch from Nessus to OpenVAS and want to know whether they can fulfil the audit requirements or not. Thanks. Best regards Oscar ________________________________________________________________________ DISCLAIMER:- This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. Thank you. ________________________________________________________________________ _______________________________________________ Openvas-discuss mailing list [email protected]<mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ________________________________________________________________________ DISCLAIMER:- This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. Thank you. ________________________________________________________________________
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
