Nessus Professional and Nessus Essentials are installed from the same file; the activation code you enter after installation determines which version you will be using. You can download the Nessus vulnerability scanner from: the file that best suits the environment.

If your staff are working remotely or you don't have an office, we recommend that you download Nessus Essentials from the Tenable website. It will need to be installed on all the machines which are being audited in the sample set.

If you are working from the office and most of your staff are working in the office as well, we recommend that you download Nessus Professional from the Tenable website and install it on one machine which can see all the servers and workstations.

Which Nessus version shall I use?

Working from the office

If you have one of the following, we can use your own copy for the testing.

As part of the Cyber Essentials Plus audit, we, as certification bodies, are allowed to use the following authorised scanners.

If you already have and use a vulnerability scanner within your business.
Note: If we are unable to perform a credentialed vulnerability scan, it will be a failure of the audit, or will delay the audit until it can be successfully completed.
We have written articles on how to configure a Windows environment as well as a macOS environment. Reconfiguring can take some time, so we recommend making these changes as soon as you start the Cyber Essentials process.

How to perform a Nessus credentialed scan for Cyber Essentials Plus

As part of the Cyber Essentials Plus certification, you are required to undergo a credentialed vulnerability scan, using an account which has local administrator/root access to the machine.

For InfoSec Governance audits, we utilise the vulnerability scanner Nessus Professional when performing the audits onsite and recommend that our customers use this as well (or Nessus Essentials if auditing remote users).

As Nessus requires quite a bit of configuration within the environment to work as needed against the newer operating systems, we recommend that you test the scan beforehand to ensure that it works as expected and doesn't cause any delays to your audit.