Performing HIPAA/PCI Compliance Audits

I realize that the various compliance scans are only available in the Professional Edition, but I am wondering if there is a way to create my own compliance audits?

When I currently use the Community Edition to create a new Compliance Policy it gives me a basic policy that is made up of vulnerabilities - which is obviously not a compliance scan.

I would like to create my own scan that performs compliance scanning - for example, it can do what Nessus can do and determine if there is a minimum password length set on a host.

Is this possible, and if so, where can I learn to do this? The documentation doesn’t seem to answer this and I cannot use the professional edition.

I have found another similar topic, but that just points to the professional edition, and I was hoping to create my own true compliance scans that are not doing vulnerability scans but checking the configuration of a system.

Truly appreciate any guidance on this topic - if there is an open-source set of compliance scans for GVM that would be great.


Hi @JGo2112 and welcome to the forum.

I’ve moved this over to the Greenbone Source Edition category for now (I might move it back again later) for more visibility and to see if anyone has insight on this.