http://www.nessus.org/ Configuration Auditing Updates for Nessus http://www.nessus.org/images/RssLogo.jpg http://www.nessus.org/
Nessus users can obtain this updated audit policy by visiting the support portal, choosing "Downloads" and then choosing the "Download NIST and FDCC Compliance Audit Policies". The updated audit policy should then replace any existing audit polices you are currently using in your FDCC audits.

If you are a Security Center user, you can also take advantage of this audit policy, however Tenable recommends that you should generate your own audit policies directly from NIST XCCDF content with the X Tool. For more information on how to do this with the Security Center, please refer to the "X Tool SCAP Assessments" guide in the documentation area of the support portal.

More info]]> http://www.tenablesecurity.com/news/rssview.php?id=163 2008-09-07T13:33:00-04:00
To obtain these audit polices for use with Nessus or the Security Center, please log into the Customer Support Portal, click on 'Download', then click on 'Download CIS Compliance Audit Files' and then choose the audit policy named 'HP-UX v1.4.1'.


More info]]> http://www.tenablesecurity.com/news/rssview.php?id=157 2008-09-07T11:33:00-04:00
These can be downloaded from the Tenable Support Portal by clicking 'Downloads' and then 'Download Configuration Audit Policies'. The policies are all labeled with a "DISA STIG" standard.


More info]]> http://www.tenablesecurity.com/news/rssview.php?id=156 2008-09-07T13:33:00-04:00
If you are Nessus Direct or Professional Feed subscriber, these policies can be downloaded from the Tenable Support Portal. Follow the links for 'Downloads' and then 'Download NIST and FDCC Compliance Audit Policies'.

If you are a Security Center user, these polices can still be used to perform audits, however, we recommend that you obtain the xTool and generate your own audit polices directly fro the NIST XCCDF content. To learn more about using the xTool and performing certified SCAP audits, please read the X Tool SCAP Assesments guide.




More info]]> http://www.tenablesecurity.com/news/rssview.php?id=154 2008-09-07T09:33:00-04:00
The first is titled 'AIX Best Practices' and is based loosely on the Center for Internet Security CIS_AIX_Benchmark_v1.0.1 best practices guide. This guide referenced an older version of AIX. The new AIX audit policy from Tenable is applicable for modern AIX deployments and performs comparable CIS style audits.

The second AIX policy is for PCI configuration auditing. It is aptly named 'PCI AIX'. Although Tenable recommends Center for Internet Security policies for more comprehensive auditing, the PCI audit polices focus on the minimal settings required for PCI.

Both of these AIX audit policies are available on the Tenable Support Portal by logging in, clicking on Downloads, then by clicking on Download Configuration Audit Polices.

Each of these new audit policies also makes use of some new APIs available for the UNIX compliance checks. If you are testing or trying these plugins, but sure to update your plugins prior to running these. The new APIs include support for the "info" keyword which allows more information to be generated in the Nessus report about the specific item being audited.

More info]]> http://www.tenablesecurity.com/news/rssview.php?id=153 2008-09-07T12:33:00-04:00
The certified audit policy is now available on the Support Portal. To obtain the policy, click on 'Downloads', then click on 'Download CIS Compliance Audit Files' and then look for the 'Solaris 10 v4.0' audit policy.

To use this policy with Nessus, save the audit file to the system running the Nessus Client and create a scan policy that makes use of this new audit for Solaris 10.

To use this policy with Security Center 3.4, as an administrator, upload the new audit policy and then create one or more vulnerabilities policies which make use of the Solaris 10 audit.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=148 2008-09-07T14:33:00-04:00
To obtain the tool, log into the Customer Portal at the below link, choose 'Downloads', then choose 'Download Compliance Checks Tools' and then WNPC-1.0.5.exe download.

The WNPC allows Windows users and administrators to create a Nessus .audit file from the current running settings of a Windows system.


More info]]> http://www.tenablesecurity.com/news/rssview.php?id=147 2008-09-07T13:33:00-04:00
The updated tool is available on the Tenable Customer Portal by clicking on the "Download" button and then the "Download Compliance Checks Tools" button.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=136 2008-09-07T22:33:00-04:00
Security Center customers that wish to perform FDCC certified audits and reporting to NIST, can email support@tenablesecuritiy.com to request a copy of the new xTool. The xTool allows conversion of XCCDF SCAP content to Nessus .audit policies which can be loaded into the Security Center. Results from the Security Center audit can also also be then loaded back into the xTool to produce an FDCC XML report for submission to NIST.

The Tenable blog entry below provides more detail on how this process works. An extensive document which has step-by-step guides to performing FDCC auditing with the Security Center is also available.

More info]]> http://www.tenablesecurity.com/news/rssview.php?id=135 2008-09-07T21:33:00-04:00 Customer Support Portal.

Version 1.0.4 now supports version 2 of the Windows compliance checks.

To obtain the updated tool, log into the support portal, click on the 'Downloads' button and then the 'Download Compliance Check Tools' button.

The link below points to an original Tenable Blog entry about Windows Nessus Policy Creator usage.
More info]]> http://www.tenablesecurity.com/news/rssview.php?id=125 2008-09-07T12:33:00-05:00