Compliance Windows Command Execution Enhancement
Summary The Windows Compliance Check plugin is implementing an updated library to run commands on Windows targets. The enhancements will include the following benefits. The plugin will improve on its handling of command timeouts. There were issues when long running commands would timeout on the scanner but leave temporary files on the target. This update will force long running checks to close when timing out and remove temporary files. The recently released improved resource management controls for Windows plugins on agents will now be extended to running audits. Potential Impacts: Tenable has gone to great lengths to ensure that the content that it publishes will operate and produce the same results that it always has. Customized audits may exhibit some changes due to the introduced job control of the command execution. These changes tend to be compliance checks that generate different results (failure instead of passing), or the actual values of the check have different text that would affect baseline scans. If custom content does exhibit these issues, strategies to work with the new library can be found in Compliance WMI Library Enhancement. Tenable Plugins 21156 - Windows Compliance Checks Target Release Date February 9, 2026
CyberArk for Palo Alto Networks PAN-OS and F5
Summary Tenable is pleased to announce that customers can now use CyberArk for privilege access management with both the Palo Alto Networks PAN-OS and F5 credentials. Scope Customers utilizing Tenable Vulnerability Management and Nessus Manager now have the capability to configure vulnerability scans with the PAN-OS credential utilizing CyberArk as an authentication method. Similarly to PAN-OS, the F5 credential has also been updated with CyberArk as an option for providing authentication credentials for compliance checks scans. Supported PAM Integration in this Release: CyberArk Plugins The below integration plugins provide essential information for validating the successful acquisition of authentication credentials from CyberArk by both the F5 and PAN-OS integrations. Integration Plugins Integration Status Debugging Log Report Impact Customers will now see CyberArk as credential PAM options within the F5 and Palo Alto Networks PAN-OS credentials. For any issues related to the use of PAM authentication with F5, please refer to the new log in the Debugging Log Report. Example - If using F5 with CyberArk support, the file will display as “f5_settings.nbin~CyberArk”. For any issues related to the use of PAM authentication with Palo Alto Networks PAN-OS, please refer to the new log in the Debugging Log Report. Example - If using F5 with CyberArk support, the file will display as “palo_alto_settings.nasl~CyberArk” Release Date January 21, 2026 for Tenable VM and Nessus TBD: Tenable Security Center
PCI Agent Scan Template now available!
As a result of the PCI DSS 4.x specification release, credentialed scanning is now a requirement for the PCI internal scanning. In response, Tenable has created the Tenable PCI Agent scan template, which can be used to scan your network via the PCI Internal Nessus Agent scan template in Tenable Vulnerability Management. For systems where agents cannot be installed, the defined approach in PCI DSS 11.3.1.2 (by way of the Internal PCI Network Scan scan template) is still applicable. The internal PCI network scan (uncredentialed network scan) is still required to cover vulnerabilities related to network services by port scans. Please visit LINK for details on scan configuration and also LINK for configuration of the PCI Agent.
Azure Cloud Infrastructure Scanning for Government
Summary As CISA BOD 25-01: Implementing Secure Practices for Cloud Services is being implemented, Tenable customers need a method to scan their cloud configuration for compliance. Tenable has enabled the ability to authenticate against the US Government national cloud in Microsoft Azure. Authentication Environment To accomplish the scanning of national clouds in Microsoft Azure, the Microsoft Azure credential has been enhanced to include the Authentication Environment preference. This preference has the default value of "Global", with an added value of "US-Gov". To use the credential in the US Government national cloud, Tenable customers will need access to the cloud being specified and have setup application access to the instance by following the procedures in Configure Azure for a Compliance Scan. Tenable Plugins 79357 - Microsoft Azure Compliance Checks Target Release Date Immediate
