Trust and assurance
Keeping your data secure is our top priority.
Security is core to our corporate ethos. Our products are designed to protect the confidentiality, integrity and availability of all of your data.
Trust Tenable with your data security and privacy
Our products protect your privacy and give you control over your data. Built on a safe, secure and compliant cloud, thousands of customers trust Tenable with their vulnerability data.
Data security
Tenable is committed to protecting the confidentiality, integrity and availability of all of your data. Tenable Vulnerability Management data is encrypted in transit and stored using modern ciphers and methods recommended by security industry and standards organizations. Multiple network controls, access controls and container isolation ensure that security is built into every aspect of our products to protect your data.
Encryption
Tenable Vulnerability Management data is encrypted in transit and storage using TLS Encryption ciphers and AES-256. Encryption is applied to various application infrastructure layers with highly restricted access to securely stored encryption keys.
Access controls
Tenable uses many mechanisms to help you control data access, including account lockout after 5 failed login attempts, SAML and two-factor authentication. Access can also be controlled via API keys.
Network controls
تم بناء المنصة السحابية من Tenable على شبكات خاصة معزولة، وتستخدم عناصر تحكم متعددة في الشبكة مثل عزل الحاويات وقيود حركة المرور الداخلية/نحو الداخل ومراقبة معدلات حركة المرور والمصادر والأنواع في نقاط شبكة متعددة.
Regular security assessments
Tenable performs frequent vulnerability, docker container and web applications scans in addition to leveraging the Tenable Research team and third parties to conduct periodic security assessments.
Data privacy
One of our top priorities is ensuring only you can access your data and preventing any noncustomers or bad actors from accessing, disclosing or violating the privacy and protection of data stored in the Tenable cloud platform. PII data is anonymized via a one way salted hash using SHA-256. Further, using multiple data access controls and data localization our products are built to protect your data and help you meet privacy obligations.
Data anonymization
The Tenable cloud does not collect scan or PII data. Any potentially identifying customer data is anonymized before ingestion via a one-way salted hash using SHA-256.
Data access
Tenable uses a number of data access controls including account lockout, two-factor authentication and SAML. Access to anonymized data is restricted to the Tenable Research team only, and is controlled through a central directory system.
Data localization
Collection and processing of customer scan data occurs within a customers geographic region. Results are anonymized and only then are aggregated with similar data in our analytics platform.
Certifications and assurance
With multiple certifications including ISO 27001, NIAP and Privacy Shield Framework, Tenable products help you navigate your compliance and ensure powerful security assurance in the cloud. Tenable is also a member of the CSA STAR program.
FedRAMP
Tenable Vulnerability Management and Tenable Web App Scanning received FedRAMP Authorization to Operate (ATO) in 2021, demonstrating our commitment to cloud security and compliance.
StateRAMP
Tenable Vulnerability Management is StateRAMP Authorized, demonstrating our commitment to the security of State and Local Government agencies
Cloud Security Alliance (CSA) STAR
Tenable is a member of the CSA STAR program. CSA STAR is the industry's most powerful program for security assurance in the cloud. To view the security controls for Tenable Vulnerability Management, visit the CSA website.
ISO 27001
Tenable’s ISO/IEC 27001:2022 certification covers the ISMS supporting Tenable’s legal areas, human resources, information technology, software development, executive leadership, and customer support functions. Details are publicly available in the Schellman Certificate Directory.
Privacy Shield Framework
Tenable is Privacy Shield Framework certified and complies with all data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
National Information Assurance Program
Tenable has NIAP certifications for Tenable Security Center, Nessus Manager, Nessus Network Monitor and Nessus Agent products.
SOC 2
Tenable's SOC 2 report is the result of a third-party audit that assesses Tenable's compliance with the Service Organization Controls (SOC) framework. Tenable's SOC 2 report is provided upon request and under MNDA. Please reach out to your account representative to request a copy.
Service availability
Tenable has the industry’s first uptime guarantee of 99.95% to ensure your service is always on. Tenable implements and enforces measures to ensure that Tenable services are highly available, guarded against attacks or simple faults and outages and always usable.
Guaranteed uptime
Tenable has an uptime guarantee of 99.95% through a robust SLA, with service credits offered if the SLA is not met.
High availability
Tenables uses the AWS platform and other leading technologies to ensure high availability. Using fault tolerant and redundant components, Tenable ensures you get the best possible service with minimal downtime.
Secure software development
Tenable has a dedicated team to drive the Secure Software Development Lifecycle (SSDLC). Leveraging automated security testing they identify potential vulnerabilities within source code, dependencies, and underlying infrastructure to ensure we ship secure, high-quality products at pace.
الحوكمة
Tenable’s SSDLC team ensures adherence to security controls in our processes and uses automated Security Testing to identify potential vulnerabilities. All tests must meet a strict scoring criteria before products are released.
Static Application Security Testing (SAST)
Tenable analyzes the application source code for bugs, tech-debt and vulnerabilities to ensure security and quality of our products.
Dependency and third-party library scanning
Tenable analyzes project dependencies to determine vulnerabilities and licensing issues.
Dynamic Application Security Testing (DAST)
Tenable regularly runs automated web application scans against our products to discover bugs, exploits and vulnerabilities early in the development process.
Product security advisories
Tenable publishes issues specific to our software as they become known and fixes are made available for customers. For more information, click here.
Code standards and role-based access control
Tenable's baseline source code control standards align to certification requirements and industry best practices. Standards include: peer code reviews, role-based access control, least privilege, code and repository ownership, segregation of duties- and more.
إدارة الثغرات الأمنية
As a leading provider of vulnerability management solutions, Tenable leverages its platforms to perform internal scans and analyze vulnerabilities on laptops, infrastructure and cloud environments.
الأسئلة المتكررة
-
How does Tenable protect my data?
-
تلتزم Tenable بحماية سرية بيانات العملاء وسلامتها وتوافرها. ويتم تشفير بيانات Tenable Vulnerability Management أثناء النقل وتخزينها باستخدام شفرات تشفير TLS. حيث ينطبق تشفير AES-256 على طبقات البنية التحتية للتطبيق.
تم بناء المنصة السحابية من Tenable على شبكات خاصة معزولة، وتستخدم عناصر تحكم متعددة في الشبكة مثل عزل الحاويات وقيود حركة المرور الداخلية/نحو الداخل ومراقبة معدلات حركة المرور والمصادر والأنواع في نقاط شبكة متعددة.
Tenable also implements multiple access controls to help customers control data access and performs frequent vulnerability, docker container and web application scans to conduct periodic security assessments.
For detailed descriptions of the applied security measures, review the Data Security and Privacy data sheet.
-
Which customer data does Tenable Vulnerability Management manage?
-
في نهاية المطاف، يبقى لإدارة الثغرات الأمنية لبيانات العملاء من Tenable غرض واحد: وهو تقديم تجربة استثنائية يقوم العملاء خلالها بإدارة الأصول والثغرات الأمنية لتأمين بيئاتهم. لتحقيق هذا الغرض، تدير إدارة الثغرات الأمنية من Tenable ثلاث فئات من بيانات العملاء:
- بيانات الأصول والثغرات الأمنية
- بيانات الأداء البيئي
- بيانات استخدام العميل
-
Which customer asset and vulnerability data does Tenable Vulnerability Management manage?
-
تجري إدارة الثغرات الأمنية من Tenable جردًا للأصول الموجودة على شبكات العملاء وإدارة سمات الأصول التي قد تتضمن عنوان IP وعنوان MAC واسم NetBIOS ونظام التشغيل والإصدار والمنافذ النشطة وغير ذلك المزيد.
Tenable Vulnerability Management collects detailed current and historical vulnerability and configuration data, which may include criticality, exploitability and remediation status and network activity. Additionally, if customers enhance Tenable Vulnerability Management data with integrations to third-party products, such as asset management systems and patch management systems, Tenable Vulnerabilty Management may manage data from those products.
-
هل تحلل شركة Tenable بيانات العميل أو تستخدمها؟
-
Tenable anonymizes and analyzes customer data for the purpose of determining trends in the industry, trends in vulnerability growth and mitigation, and trends in security events. For example, correlating the presence of a vulnerability with its exploitation has enormous benefits to Tenable customers. The data collected in our cloud does not include scan data that contains PII or personal data. Data that could potentially identify a customer is anonymized before being ingested into our analytics platform via a one-way salted hash using SHA-256. Additional benefits of Tenable’s data analysis include advanced analytics and improved correlation of customer data with industry and security events and trends. Collecting and analyzing such data also allows customers to baseline themselves against others in the industry or overall. Tenable provides a method for customers to opt out if desired.
-
هل يمكن للعميل الانسحاب من جمع بيانات الحماية والحالة؟
-
للحفاظ على أداء إدارة الثغرات الأمنية من Tenable وتوافرها وتقديم أفضل تجربة مستخدم ممكنة، تقوم إدارة الثغرات الأمنية من Tenable بجمع معلومات حالة التطبيق والمعلومات الصحية الخاصة بالعميل. ويتضمن ذلك عدد مرات اتصال أداة الفحص بالمنصة، وعدد الأصول المفحوصة وإصدارات البرامج المنشورة، بالإضافة إلى بيانات تتبع الاستخدام العامة الأخرى لتحديد المشكلات المحتملة ومعالجتها في أقرب وقت ممكن.
تستخدم شركة Tenable بيانات الحماية والحالة للكشف عن المشكلات المحتملة ومعالجتها في الوقت المناسب، وبالتالي الحفاظ على التزامات اتفاقية مستوى الخدمة (SLA). وبناءً عليه، لا يمكن للعملاء الانسحاب من جمع البيانات هذا.
-
Which usage data does Tenable Vulnerability Management collect?
-
To evaluate and improve customer experience, Tenable collects anonymized user usage data. This data includes page access, clicks and other user activity that give the user a voice into streamlining and improving the user experience.
-
هل يمكن للمستخدمين الانسحاب من جمع بيانات الاستخدام؟
-
Yes. A customer can request their container no longer be part of the collection process.
-
Where is customer data stored?
-
Tenable uses data centers and services from Amazon Web Services (AWS) to provide and deliver Tenable Vulnerability Management to customers. Collection and processing of customer scan data occurs inside the Tenable cloud platform within the geographic region where the customer’s account is hosted, unless the customer explicitly selects a different geographic region for the data to reside. المواقع الحالية هي:
- شرق الولايات المتحدة
- غرب الولايات المتحدة
- وسط الولايات المتحدة
- لندن
- فرانكفورت
- سيدني
- سنغافورة
- كندا
- اليابان
Tenable will support additional countries in the future.
As all customer data is stored in secure, regional AWS services. The certifications for EU data protection that AWS maintains apply to the Tenable Cloud. More information is available at https://aws.amazon.com/compliance/eu-data-protection/.
-
هل يمكن للعميل إبقاء البيانات في موقع/بلد معين؟
-
نعم. تُخزن البيانات في البلد الذي تم تحديده عنه إنشاء الحساب.
-
كيف تتم حماية بيانات العملاء ضمن إدارة الثغرات الأمنية من Tenable؟
-
Tenable applies multiple security measures to deliver Tenable Vulnerability Management data security and privacy. For a detailed descriptions of the applied security measures, see the Data Security and Privacy data sheet.
-
كيف تجري شركة Tenable التطوير الآمن؟
-
Comprehensive details can be found on the Data Security and Privacy data sheet.
Tenable has a dedicated cross-functional team that drives the Secure Software Development Lifecycle (SSDLC). To ship secure, high quality products at pace, Tenable leverages automated security testing to identify any potential vulnerabilities within source code, dependencies and underlying infrastructure before releasing to our customers. Tenable utilizes static application security testing (SAST), dependency and third-party library scanning, dynamic application security testing (DAST), and vulnerability testing on container images. Strict scoring criteria is adhered to and is enforced throughout the development process.
-
Which customer application security is available?
-
Tenable provides a number of mechanisms to help customers keep their data secure and control access, including:
- Data is encrypted in transit and in storage with AES-256 and TLS Encryption ciphers. Encryption keys are stored securely and access is limited. Encryption is applied to various application infrastructure layers and sharing of keys is prohibited.
- Tenable protects against brute-force attacks by locking accounts out after five (5) failed login attempts.
- Customers can configure two-factor authentication through services provided by Twillo.
- Customers can integrate Tenable Vulnerability Management with their SAML deployment. Tenable Vulnerability Management supports both IdP and SP initiated requests. Lastly, users can reset their password directly inside the application using their email address.
- Customers can build custom connections to Tenable Vulnerability Management using our documented APIs or SDKs. Access can be granted and controlled by the creation of specific APIs “keys.” ويتم دعم استخدام مفاتيح مختلفة لعمليات التكامل المختلفة دون الحاجة إلى مشاركة بيانات اعتماد المستخدم.
- The data collected in our cloud does not include any scan data containing PII or personal data. Data that could potentially identify a customer is anonymized via a one-way salted hash using SHA-256
- To protect from data interceptions, all communication to the platform is encrypted via SSL (TLS-1.2). Further, older insecure SSL negotiations are rejected to ensure the highest level of protection.
-
كيف يتم تشفير البيانات؟
-
All data in all states in the Tenable Vulnerability Management platform is encrypted with at least one level of encryption, using AES-256 and TLS encryption ciphers.
At Rest: Data is stored on encrypted media using at least one level of AES-256 encryption.
تتضمن بعض فئات البيانات المستوى الثاني من التشفير لكل ملف.
In Transport: Data is encrypted in transport using TLS v1.2 with a 4096-bit key (this includes internal transports).
Tenable Vulnerability Management Sensor Communication: Traffic from sensors to the platform is always initiated by the sensor and is outbound-only over port 443. يتم تشفير عمليات نقل البيانات عبر اتصال SSL باستخدام TLS 1.2 مع مفتاح 4096 بت. ويقضي ذلك على الحاجة إلى إجراء تغييرات في جدار الحماية، ويسمح للعميل بالتحكم في الاتصالات عبر قواعد جدار الحماية.
- مصادقة أداة الفحص إلى المنصة
- The platform generates a random key of 256 bit length for each scanner connected to the container and passes that key to the scanner during the linking process.
- Scanners use this key to authenticate back to the controller when requesting jobs, plugin updates and updates to the scanner binary.
- الاتصال الوظيفي من أداة الفحص إلى المنصة
- Scanners contact the platform every 30 seconds.
- If there is a job, the platform generates a random key of 128-bits.
- The scanner requests the policy from the platform.
- The controller uses the key to encrypt the policy, which includes the credentials to be used during the scan.
In Backups/Replication: Volume snapshots and data replicas are stored with the same level of encryption as their source, no less than AES-256. All replication is done via the provider. Tenable does not back up any data to physical off-site media or physical systems.
In Indexes: Index data is stored on encrypted media using at least one level of AES-256 encryption.
Scan Credentials: Are stored inside of a policy that is encrypted within the container’s AES-256 global key. When scans are launched, the policy is encrypted with a one-use random 128-bit key and transported using TLS v1.2 with a 4096-bit key.
Key Management: Keys are stored centrally, encrypted with a role-based key, and access is limited. All the encrypted data stored can be rotated to a new key. The Datafile encryption keys are different on each regional site, as are disk-level keys. Sharing of keys is prohibited and key management procedures are reviewed on a yearly basis.
-
هل يمكن للعملاء تحميل مفاتيحهم الخاصة؟
-
Key management is not customer configurable. Tenable manages keys and key rotation.
-
هل حصلت شركة Tenable على أي شهادات خصوصية أو أمن، مثل Privacy Shield أو CSA STAR؟
-
Tenable has received the following certifications:
- Cloud Security Alliance (CSA) STAR
- Privacy Shield Framework
- ISO 27001
- National Information Assurance Program (NIAP)
- FedRAMP authorization for Tenable Vulnerability Management and Tenable Web App Scanning
-
How does Tenable protect Personally Identifiable Information (PII)?
-
The Tenable Vulnerability Management platform makes every effort not to collect PII data types in a format that would require additional certifications or security measures. The data collected in our cloud does not include any scan data that contains PII or personal data. Data that could potentially identify a customer is anonymized before being ingested into our analytics platform via a one-way salted hash using SHA-256. ويتضمن ذلك أرقام بطاقات الائتمان، وأرقام التأمين الاجتماعي، والشيكات المخصصة الأخرى. وعندما تلتقط المكونات الإضافية من Tenable سلاسل أحرف قد تحتوي على معلومات حساسة أو شخصية، تقوم المنصة تلقائيًا بتشويش 50% على الأقل من الأحرف لحماية البيانات التي قد تكون حساسة.
-
هل يتم فصل بيانات العميل؟
-
Each customer’s data is marked with a “container ID” that corresponds to a specific customer subscription. This container ID assures access to a customer’s data is limited to only that customer.
-
Which security controls protect Tenable Vulnerability Management?
-
Tenable leverages its own solutions to conduct daily, weekly or monthly scans of all corporate laptops, infrastructure and cloud environments. All findings are analyzed, ticketed and tracked in accordance with the Tenable Vulnerability Management policy. Tenable’s vulnerability management program encompases authenticed, agent, web application and database scanning. In addition, the following controls are in place:
- تتحكم جدران الحماية وتقسيم الشبكة في إمكانية الوصول.
- Automated tools and processes monitor the Tenable Vulnerability Management platform for uptime, performance and to detect anomalous behavior.
- تُراقب السجلات بالأنظمة الآلية 24 ساعة على مدار الأسبوع طوال العام، ويتواجد موظفو Tenable 24 ساعة على مدار الأسبوع طوال العام للاستجابة للأحداث.
- Third-party penetration tests of our applications, services and businesses as a whole.
- Tenable leverages a vulnerability report board to receive and respond to any weakness or vulnerabilities identified from the broad security researcher community. As identified reports are triaged and responded to, Tenable releases security advisories for the benefit of customers, prospects and the wider community.
- Tenable reviews every third-party vendor through a rigorous risk management program.
-
كيف يتم تأمين أجهزة استشعار إدارة الثغرات الأمنية من Tenable؟
-
تؤدي المستشعرات التي تتصل بالمنصة دورًا رئيسيًا في أمن العميل، من خلال جمع معلومات الأصول والثغرات الأمنية. Protecting this data and ensuring the communication paths are secure is a core function of Tenable Vulnerability Management. Tenable Vulnerability Management supports several sensors today: Nessus vulnerability scanners, passive scanners and Nessus Agents.
تتصل أجهزة الاستشعار هذه بمنصة إدارة الثغرات الأمنية من Tenable بعد المصادقة المشفرة والربط بإدارة الثغرات الأمنية من Tenable. بمجرد حدوث الربط، تتولى إدارة الثغرات الأمنية من Tenable إدارة جميع التحديثات (المكونات الإضافية، والتعليمات البرمجية، وغيرهما) لضمان التحديث الدائم لأجهزة الاستشعار.
تبدأ عمليات نقل البيانات دائمًا من المستشعرات إلى المنصة من خلال المستشعر، وتكون صادرة عبر المنفذ 443 فقط. يتم تشفير عمليات نقل البيانات عبر اتصال SSL باستخدام TLS 1.2 مع مفتاح 4096 بت. ويقضي ذلك على الحاجة إلى إجراء تغييرات في جدار الحماية، ويسمح للعميل بالتحكم في الاتصالات عبر قواعد جدار الحماية.
- مصادقة أداة الفحص إلى المنصة
- The platform generates a random key of 256 bit length for each scanner connected to the container and passes that key to the scanner during the linking process.
- Scanners use this key to authenticate back to the controller when requesting jobs, plugin updates and updates to the scanner binary.
- الاتصال الوظيفي من أداة الفحص إلى المنصة
- Scanners contact the platform every 30 seconds.
- If there is a job, the platform generates a random key of 128-bits.
- The scanner requests the policy from the platform.
- The controller uses the key to encrypt the policy, which includes the credentials to be used during the scan.
-
كيف تتم إدارة توفر إدارة الثغرات الأمنية من Tenable؟
-
The Tenable Vulnerability Management services strive to provide a 99.95% or better uptime, and have delivered 100% uptime on the majority of services. Tenable has published an SLA that describes our commitment to ensure the platform is available to all users and how we credit customers in the event of unplanned downtime.
“Up” status is determined simply by public availability tests hosted by a third party that regularly tests the availability of all services. The uptime for services (both current and historical) is available at https://status.tenable.com/.
Tenable Vulnerability Management makes extensive use of the AWS platform and other leading technologies to ensure our customers experience the best possible service and overall quality. Below is a partial list of the solutions deployed and benefits to customers:
- Elasticsearch Clusters: Elasticsearch clusters are highly available and can recover from the loss of master nodes, lb nodes and at least one (1) data node, without impacting service availability.
- Elastic Block Stores: Used to take daily snapshots and store eight (8) copies
- نظام Kafka العام: يقوم كل من Kafka وZookeeper بنسخ البيانات عبر المجموعة لتوفير التسامح مع الأخطاء في حالة الفشل الذريع لأي عقدة.
- Postgres Instances: Manage the back end microservice framework to keep 30 days of snapshots
-
أين يتم نسخ البيانات؟
-
تُخزن البيانات المنسوخة نسخًا متماثلًا داخل المنطقة نفسها.
-
Which disaster recovery capabilities are in place?
-
الكوارث هي الأحداث التي تؤدي إلى فقدان البيانات أو المعدات بشكلٍ غير قابل للاسترداد في منطقة واحدة أو أكثر من منطقة.
تشمل إجراءات التعافي من الكوارث لإدارة الثغرات الأمنية من Tenable عدة مستويات، وهي مصممة للتفاعل مع المواقف التي قد تحدث من أي مكان بمعدلات تتراوح بين مرة واحدة كل خمس سنوات ومرة واحدة كل 50 سنة. وبناءً على نطاق الكارثة، يتفاوت زمن إجراءات الاسترداد من 60 دقيقة إلى 24 ساعة.
-
من الذي يمكنه الوصول لبيانات العميل؟
-
يتحكم العملاء فيمن يمكنه الوصول إلى بياناتهم، بما في ذلك تعيين الأدوار والأذونات لموظفيهم ومنح الوصول بشكلٍ مؤقت من موظفي الدعم لدى شركة Tenable.
-
كيف تتم إدارة أدوار وأذونات المستخدمين؟
-
Tenable Vulnerability Management customer administrators can assign user roles (basic, scan operator, standard, scan manager, administrator and disabled) to manage permissions for major functions in Tenable Vulnerability Management such as access to scans, policies, scanners, agents and asset lists. Customers can also assign access groups to allow groups in their organization to view specific assets and related vulnerabilities in aggregated scan results and to run scans against specific targets and view individual scan results.
-
هل يمكن لموظفي Tenable الوصول إلى بيانات العميل؟
-
نعم. Tenable Technical Support restricts the Tenable Vulnerability Management impersonation privilege to a subset of authorized senior roles. With customer permission, authorized senior members of Tenable’s global support staff can impersonate user accounts, which allows them to perform operations in Tenable Vulnerability Management as another user without needing to obtain that user's password.
ويمكن لموظفي الدعم لدى شركة Tenable، أو العميل، تقديم طلب لتفعيل الميزة. If Tenable Technical Support needs to impersonate a Tenable Vulnerability Management user, a ticket is opened and tracked until closure. Technical Support will send an email to the customer after identifying the business need to impersonate. The customer is required to confirm via email that Technical Support is approved to impersonate the user. Technical Support will not impersonate the user until approval is received from the customer. كما يجب منح الإذن لكل مشكلة يتم تسجيلها باستخدام الدعم. Approvals are tracked within the initial ticket. فلن تعمل شركة Tenable بـ "موافقة" مفتوحة لانتحال الهوية في أي وقت.
تمتلك شركة Tenable عملية محددة للتعيين والفصل من العمل. ويُطلب من جميع الموظفين توقيع اتفاقيات عدم الكشف عن المعلومات في إطار عملية تعيينهم، ويتم إبطال جميع الحسابات ومفاتيح الوصول على الفور بمجرد إنهاء التعاقد.All Tenable Vulnerability Management operations staff are also required to pass a third-party background check.
-
من يمكنه استخدام وظيفة انتحال الهوية؟
-
Only the account administrator and authorized Tenable senior support staff members are allowed to use the impersonate function. All accounts with the ability to perform impersonations require two-factor authentication for security purposes. Tenable audits impersonations internally and each customer can also audit impersonations performed to their account. All impersonations are logged in audit logs, and all Tenable Vulnerability Management customers can audit impersonations through the API. Tenable documents how to pull the audit logs in the following public document, https://developer.tenable.com/reference#audit-log. Please note that there is an automated account, ([email protected]), that may show at times in these audit logs.
-
هل تُنقل البيانات خارج البلد عند استكشاف شركة Tenable مشكلة فنية وإصلاحها؟
-
Tenable is making every effort to ensure that customer data is protected and we ensure that their policies are being followed by working with customers to ensure data remains in the region required. However, user impersonation may result in data leaving the primary location. There are instances where cases need to use the Follow-the-Sun process when casework needs to continue beyond local business hours. There are also instances where customers could email a report to Tenable or otherwise break their own policy by emailing outside of their region.
For customers using a FedRamp authorized Tenable product, this data always stays within the U.S.
-
هل سيتمكن موظفو الدعم لدى شركة Tenable من الوصول إلى الشبكة الداخلية للعميل؟
-
No. All traffic is initiated by the scanner and is outbound only. The scanners are installed behind the customer’s firewall and customers can control access of the scanners via their firewall.
-
What is the Tenable Vulnerability Management Data Retention Policy?
-
The data retention policy for Tenable Vulnerability Management and other Tenable-hosted products is 12 months of retention for existing customers. For customers that terminate a product subscription, customer data will be retained for 30 days from the termination date. Tenable’s data retention policy with respect to PCI scans matches then-current requirements set forth by the PCI Security Standards Council.
-
ما مدة الاحتفاظ ببيانات الفحص النشط؟
-
The ability to measure progress over time is a core function of the Tenable Vulnerability Management platform. Tenable Vulnerability Management will automatically store customer data for 12 months to allow customers to report over a one (1) year period of time.
-
إذا أنهى العميل خدمة إدارة الثغرات الأمنية من Tenable، فما مدة الاحتفاظ بالبيانات؟
-
Should a customer's account expire or terminate, Tenable will retain the data, as it was at the time of expiration, for no more than 30 days. After that time, this data may be deleted and cannot be recovered.
-
ما مدة الاحتفاظ بالبيانات ذات الصلة بـ PCI؟
-
Data involved in a PCI compliance validation process is not deleted until at least three years after the date of the PCI attestation, as required by PCI regulations. Tenable retains this data for this time period, even if the customer chooses to delete their scans or account or terminates their Tenable Vulnerability Management service.
-
ما مدة الاحتفاظ ببيانات استخدام إدارة الثغرات الأمنية من Tenable؟
-
To ensure the best possible experience, Tenable collects this information as long as a customer container remains active. Once a customer discontinues the service, the data will be retained for no more than 30 days.
-
هل تمتلك إدارة الثغرات الأمنية من Tenable شهادة معايير مشتركة؟
-
Common Criteria certification is generally not applied to a SaaS solution, as the frequency of updates does not lend itself to a certification process that takes six to nine (6-9) months to complete. Tenable has achieved Common Criteria certification for Tenable Security Center, Nessus Manager, Nessus Agents and Log Correlation Engine (LCE).
تعرف على Tenable على أرض الواقع
هل تريد معرفة كيف يمكن لشركة Tenable مساعدة فريقك في الكشف عن الثغرات الأمنية ذات الأولوية التي تعرض عملك للخطر والتخلص منها؟
أكمل هذا النموذج للحصول على مزيد من المعلومات.