
Date: 06/04/2025

Vendor: STIG Fixers

Technology/Topic: Nessus Tools

URL: http://www.nessus.org

=====================================

Welcome to the Technical Exchange Meeting (TEM)!

Nessus Tools accelerates the STIG compliance process. It generates spreadsheets from Nessus scans, parsing the required data (i.e. CAT), and answers key questions such as: How many servers have a STIG applied? How many servers do not have a STIG applied? Which server has a specific STIG applied?

Nessus Tools creates DISA STIG Viewer Checklist files. While Tenable/Nessus can perform automated scans, it does not produce checklists from the results. Nessus Tools can generate completed checklists directly from Nessus/Tenable scans.

Nessus Tools tackles the “management” problem by integrating with an industry-standard ALM (Application Lifecycle Management) tool that supports work items, Agile methodology, queries, and dashboards. Nessus Tools generates STIG Work Items for each audit, vulnerability, and host combination. This allows STIG work to be tracked, assigned to individuals, organized, and managed like any other Agile project. Engineers can be assigned to manage one server or specific vulnerabilities across multiple hosts. As new Tenable scans are imported, existing Work Items are automatically updated with the latest scan findings. Checklists can be exported, combining both manual efforts and automated scan results, making the ALM the system of truth.

Nessus Tools addresses the “state” problem, where not all checks are automated and some are POAM’d. POAMs are documented in work items, allowing users to record Findings, Comments, and Status updates, which are then reflected in the generation of Checklist files.

=====================================

To join the DISA TEM mailing list, please contact: disa.tem@mail.mil

=====================================

Disclaimer:

— TEMs do not serve as a marketing venue or request for proposal actions.

— TEMs shall not be interpreted as a commitment by the Government to issue a solicitation or ultimately award a contract.

— TEMs do not serve as an endorsement of any presented technologies or capabilities.

— Presentations will not be considered as proposals nor will any awards be made as a result of a TEM session.

— TEMs are public open forums – no proprietary or sensitive information should be presented during TEM sessions. Only publicly facing content is permissible in DISA TEM sessions.  

=====================================
