All Nessus Test Cases consist of a Policy file and an (optional) Audit file. A scan policy consists of configuration options related to performing a vulnerability scan. These options include, but are not limited to:
- Parameters that control technical aspects of the scan such as timeouts, number of hosts, type of port scanner, and more.
- Granular scan specifications based on plugin family or individual plugin.
- Compliance policy checks (Windows, Linux, Database, etc.), report verbosity, service detection scan settings, audit files, patch management systems, and more.
Audit files from the Information Assurance Support Environment (IASE) (http://iase.disa.mil/stigs/Pages/a-z.aspx) can be used in Nessus scans specific to your environment. Once the policies have been configured and included in a Nessus Test asset, they can be repeatedly used with little effort.