You may want to take the template and review it and edit for the specific settings you are using, submitting the template with the results file as compliance evidence. I have found my customers either are not following all the FDCC or have stricter settings. Each agency is using their own set of settings too.. I'm not going into how that essentially makes them noncompliant but that's why I recommend you submit your templates too. On Jan 19, 2011 11:33 AM, "Albert R. Campa" <[email protected]> wrote: > Here is an older blog post on how its done. > > http://blog.tenablesecurity.com/2008/02/testing-windows.html > > > __________________________________ > Albert R. Campa > > > On Wed, Jan 19, 2011 at 10:19 AM, Albert R. Campa <[email protected]> wrote: > >> Yes you can do it with Nessus. Using a FDCC audit file. >> >> __________________________________ >> Albert R. Campa >> >> >> On Wed, Jan 19, 2011 at 9:20 AM, Bigger Thomas <[email protected]> wrote: >> >>> I have a machine in my enterprise that needs to be proven to be NIST FDCC >>> compliant. I was tooling around trying to find scanners that could do this >>> and most of the literature points to NexPose and their products. I figured >>> there must be a way to do this with Nessus, but I am still pretty new to >>> anything but basic vulnerability scanning using Nessus. What I need to do >>> is provide a report showing that it is in compliance, does anyone know of a >>> way to do this using Nessus? Thanks for any help you can provide. >>> >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >>
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
