Tenable Expands Coverage of CIS Certifications

Tenable Expands Coverage of CIS Certifications
Tenable’s Configuration Auditing Capability expanded to support additional Enterprise-Level CIS Audits 

August 16, 2007 – Columbia, MD – Tenable Network Security, Inc., the leader in unified security monitoring and creator of the popular and award-winning Nessus vulnerability scanner, today announced that Tenable Security Center v3.2 and Nessus 3 v3.0 have been certified by the Center for Internet Security (CIS) to conduct CIS Certified agent-less configuration audits for the following CIS Benchmarks: 

• CIS Level 1 Benchmark for Red Hat Enterprise Linux v1.0.5
• FreeBSD Benchmark v1.0.5,
• Windows Server 2003 Member Server v1.2 – Legacy
• Windows Server 2003 Member Server v1.2 – Enterprise
• Windows Server 2003 Member Server v1.2 – Specialized Security 

Named “best benchmarking effort” by Information Security Magazine, CIS benchmarks are developed by global consensus among hundreds of security professionals as recommendations for minimum due care and preferred practice security configurations. Benchmarks are based on recommendations from the SANS Institute, the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), the U.S. Defense Information Systems Agency (DISA), Information Systems Audit and Control Association’s COBIT. 

“With the rapid proliferation of system and network vulnerabilities, security professionals are hard-pressed to continually ensure the stability of their IT infrastructures,” said Clint Kreitner, president and CEO of CIS. “By earning these additional CIS certification, Tenable Network Security’s customers are assured that audits of Red Hat, FreeBSD, and Windows Server 2003 are in accordance with the security benchmarks defined by user consensus. In addition, we are pleased that Tenable’s certification will provide these additional CIS Benchmarks to Nessus’ broad and global user community.” 

“With today’s focus shifting from protecting the network to protecting the data, it is essential to have these consistent controls in place as part of an enterprise compliance program.” said Ron Gula, CEO of Tenable Network Security. “In receiving additional CIS certifications, Tenable’s customers are assured that Security Center and Nessus 3 accurately and thoroughly compare and report the security settings of their systems to the recommendations in the relevant CIS Benchmark(s).  Configuration audit, along with sensitive data discovery, ensure an organization’s ability to be compliant with both corporate and regulatory policies.” 

The CIS Certified benchmark checks are available immediately at no additional charge to Tenable Security Center users and Nessus Direct Feed subscribers.  For more information on Tenable’s Security Center and CIS Benchmarks, please visit: http://www.tenablesecurity.com/products/sc.shtml. To enable your Nessus 3 to perform CIS audits, please visit: http://www.tenablesecurity.com/products/direct.shtml. 

About the Center for Internet Security (CIS)
CIS is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors. For additional information, please visit http://www.cisecurity.org.