Nessus Compliance Scanning Office Hours Call Documents

Nessus is a security scanner utilized by Safeguards to conduct automated compliance scanning against information systems that receive, process, store, and/or transmit Federal Tax Information (FTI) during on-site reviews. It is a tool that delivers enhanced information regarding the security controls in place to protect FTI. Nessus scans are non-intrusive and have no impact on the agency’s network. Safeguards compliance baselines are tailored for Publication 1075 requirements. It is a requirement that Nessus scans use the Safeguards compliance baselines.

Running and/or obtaining Nessus compliance scan results is currently required for the on-site assessment of vendor-supported Windows and UNIX operating systems, Oracle and SQL Server database management systems, Apache and IIS web servers, Cisco ASA and IOS software, and VMware ESXi hypervisors. Additional technologies and platforms will be added as part of quarterly methodology updates based on available CIS benchmarks. Please see the current listing of Nessus Audit Files for the most current files.

Scans are required for all locations receiving, storing, accessing and/or processing FTI. This includes, but is not limited to: agency data centers, consolidated data centers, third-party vendors and county or field offices.

For those who were unable to attend the Safeguards Office Hours call, we have provided links to documents associated with the call.