I am not familiar with ISO scanning requirements. I assume that requirements are lower than in pci dss standard.
Eero 24.1.2017 3.14 ap. "Oscar Kwan" <oscar.k...@jos.com.hk> kirjoitti: > Hi, > > > > Thank you for your reply. You are so helpful. > > > > How about ISO27001/27002? Is OpenVAS scanning result and report accepted > by ISO auditor (internal/external scan)? Or is it similar to PCI DSS that > depends on vendors or solutions instead of software itself? > > > > Again, thank you very much for your time on answering me. Wish God bless > you! :) > > > > Best Regards, > > Oscar > > > > > > > > *From:* eero.t.voloti...@gmail.com [mailto:eero.t.voloti...@gmail.com] *On > Behalf Of *Eero Volotinen > *Sent:* Monday, January 23, 2017 6:25 PM > *To:* Oscar Kwan > *Cc:* openvas-discuss@wald.intevation.org > *Subject:* Re: [Openvas-discuss] Enquiry for OpenVAS Compliance > > > > Hi, > > OpenVAS can fullfill PCI DSS requirements for internal scanning *). For > external scanning ASV certified solution is required **). It's not about > software, > > it's about certification and verified solution. > > Any other questions? > > *) note: > > pci dss: > > 11.2.3.c Validate that the scan was performed by a qualified > internal resource(s) or qualified external third party and if applicable, > organizational independence of the > tester exists (not required to be a QSA or ASV) > > > > **) https://www.pcisecuritystandards.org/assessors_and_solutions/ > approved_scanning_vendors > > > -- > > Eero > > > > > -- > > Eero > > > > 2017-01-23 11:55 GMT+02:00 Oscar Kwan <oscar.k...@jos.com.hk>: > > Dear all > > > > May I know which compliances OpenVAS is able to fulfill for vulnerability > scanning (e.g. PCI DSS, ISO27001/27002 etc.)? Our company would like to > switch from Nessus to OpenVAS and want to know whether they can fulfil the > audit requirements or not. Thanks. > > > > Best regards > > *Oscar * > > > > > > > > > ________________________________________________________________________ > DISCLAIMER:- > This email is confidential and intended only for the use of the individual > or entity named above and may contain information that is privileged. If > you are not the intended recipient, you are notified that any > dissemination, distribution or copying of this email is strictly > prohibited. If you have received this email in error, please notify us > immediately by return email or telephone and destroy the original message. > Thank you. > ________________________________________________________________________ > > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > ________________________________________________________________________ > DISCLAIMER:- > This email is confidential and intended only for the use of the individual > or entity named above and may contain information that is privileged. If > you are not the intended recipient, you are notified that any > dissemination, distribution or copying of this email is strictly > prohibited. If you have received this email in error, please notify us > immediately by return email or telephone and destroy the original message. > Thank you. > ________________________________________________________________________ >
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss