If I recall correctly there are no ISO 27K requirements which explicitly mandate the usage of vulnerability scanners. However, such a tool is obviously useful for the technical vulnerability management section.
From experience I can tell that commercial vs open-source vulnerability scanners is usually irrelevant. The process surrounding vulnerability management usually matters most - keep evidence you are actually doing something about vulnerabilities found, and have separate vulnerability and patch management programmes.

Chris

On Tue, Jan 24, 2017 at 7:27 AM, Eero Volotinen <[email protected]> wrote:

> I am not familiar with ISO scanning requirements. I assume that
> requirements are lower than in pci dss standard.
>
> Eero
>
> On 24.1.2017 at 3.14 AM, "Oscar Kwan" <[email protected]> wrote:
>
>> Hi,
>>
>> Thank you for your reply. You are so helpful.
>>
>> How about ISO27001/27002? Is OpenVAS scanning result and report accepted
>> by ISO auditor (internal/external scan)? Or is it similar to PCI DSS that
>> depends on vendors or solutions instead of software itself?
>>
>> Again, thank you very much for your time on answering me. Wish God bless
>> you! :)
>>
>> Best Regards,
>>
>> Oscar
>>
>> *From:* [email protected] [mailto:[email protected]] *On
>> Behalf Of *Eero Volotinen
>> *Sent:* Monday, January 23, 2017 6:25 PM
>> *To:* Oscar Kwan
>> *Cc:* [email protected]
>> *Subject:* Re: [Openvas-discuss] Enquiry for OpenVAS Compliance
>>
>> Hi,
>>
>> OpenVAS can fulfill PCI DSS requirements for internal scanning *). For
>> external scanning ASV certified solution is required **). It's not about
>> software, it's about certification and verified solution.
>>
>> Any other questions?
>>
>> *) note:
>>
>> pci dss:
>>
>> 11.2.3.c Validate that the scan was performed by a qualified
>> internal resource(s) or qualified external third party and if
>> applicable, organizational independence of the
>> tester exists (not required to be a QSA or ASV)
>>
>> **) https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors
>>
>> --
>> Eero
>>
>> 2017-01-23 11:55 GMT+02:00 Oscar Kwan <[email protected]>:
>>
>> Dear all
>>
>> May I know which compliances OpenVAS is able to fulfill for vulnerability
>> scanning (e.g. PCI DSS, ISO27001/27002 etc.)? Our company would like to
>> switch from Nessus to OpenVAS and want to know whether they can fulfil the
>> audit requirements or not. Thanks.
>>
>> Best regards
>>
>> *Oscar *
>>
>> ________________________________________________________________________
>> DISCLAIMER:-
>> This email is confidential and intended only for the use of the
>> individual or entity named above and may contain information that is
>> privileged. If you are not the intended recipient, you are notified that
>> any dissemination, distribution or copying of this email is strictly
>> prohibited. If you have received this email in error, please notify us
>> immediately by return email or telephone and destroy the original message.
>> Thank you.
>> ________________________________________________________________________
>>
>> _______________________________________________
>> Openvas-discuss mailing list
>> [email protected]
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
