Policy Compliance scans

Hi everyone,

So I have another question. From my knowledge, there’s two type of scans available, especially for those Nexpose users.

-Vulnerability scan
-Policy Compliance scan

Playing around with OpenVAS, it boasts a pretty good VA, but can I do a Policy Scan?

Maybe it’s already included, but can anyone advise specifically how one would do that, and filter results based on Policy compliance?

Please try to be specific in your advice, would really appreciate it !!



all available information around the policy scan topic is available in the documentation linked below.

Note: If you can’t find a specific policy test (e.g. PCI-DSS) this means that those are only included in the commercial GSM appliances including the GSF feed (see About the Feed Services (GCF & GSF) category).