Yes. Tenable qualifies as an Approved Scanning Vendor (ASV) to validate external vulnerability scanners in Internet-connected environments (to store, process or transfer cardholder data) of merchants and service providers. The ASV qualification process consists of three parts: the first includes the qualification of Tenable Network Security as a provider. The second concerns the qualification of Tenable personnel responsible for remote PCI scanning services. The third is the security testing of the tenable Remote Scanning solution (Tenable.io and Tenable.io PCI ASV). Please sign up for a free evaluation Tenable.io under www.tenable.com/try ASD Top 4 Mitigation Strategies – Active OS and Application Vulnerability Counts: This component provides a number of active vulnerabilities detected on the network based on the vulnerability of operating systems, applications, or a combination of both. The best method to separate application weak points from operating system breakpoints is to use CPE-type comparison. The first line of the matrix contains a number of application-only vulnerabilities, followed by « Operating System Only, » « Operating Os and Applications, » « No CPE, » and then a total number of security vulnerabilities. Each degree of severity is represented by a color. Cells with medium severity weaknesses turn yellow, high gravity levels orange, and red cells indicate critical degrees of severity. All data in all states of the Tenable.io platform is encrypted at least one level of encryption, with no less than AES-256.
docs.tenable.com/licensedeclarations/Content/index.htm technical documentation for all Tenable products, including Tenable.io, is available under docs.tenable.com/ services Tenable.io aim for 99.95% uptime or better and have provided 100% uptime for most services. Tenable has released an SLA that outlines our commitment to ensuring that the platform is available to all users and how we credit customers in the event of an unplanned shutdown. VPR Summary – Highlighted Fixes (VPR 7.0 – 10): The component uses the High and Critical VPR steps (VPR 7.0 – 10) in combination with the Recap tool to provide a concentrated view of fixes that should be considered with a higher priority than other fixes. The tool provides a list of patches to be applied, the reduced risk level (based on the vulnerability assessment), the affected hosts, and the percentage of vulnerabilities. Predictive priority allows companies to better understand which weaknesses need to be addressed first. In combination with this comprehensive view, Tenable.sc provides a list of fixes that can have a more immediate effect. Data security and privacy include that customers do not have access to data other than their own and that non-customers, hackers, bad actors or unauthorized tenable representatives cannot access the privacy and protection of customer data stored in the service Tenable.io, disclose, copy or otherwise violate them. Key Management – Keys are stored centrally, encrypted with a roller key, and access is limited. All stored encrypted data can be returned to a new key. The encryption keys for data files differ in each regional site, as do the keys at the data carrier level….