Skip to content
NEW: ISASecure Site Assessment Program for OT Cybersecurity Learn More

Test Tools

VIT Testing

The certification body does perform one type of test as part of their product assessment: Vulnerability Identification Testing (VIT) using the Tenable Nessus scanning tool. This is a quick and inexpensive test. The purpose of Vulnerability Identification Testing (VIT) is to scan the device under test (DUT) with a commercially available tool to identify known vulnerabilities. The device supplier must correct known vulnerabilities discovered during the VIT scan to meet the ISASecure product certification requirements.

The ISASecure program uses the US-CERT National Vulnerability Database (NVDB) as the reference list for identifying known vulnerabilities, providing objectivity and transparency for the ISASecure assessment process. Known vulnerabilities in the US-CERT NVDB are organized into globally accepted Common Weakness Enumeration (CWE) categories and the NVDB is updated on an ongoing basis as new vulnerabilities are identified and verified.

The VIT test is run when devices are evaluated for ISASecure certification, and the time and date of the scan is recorded. This allows the suppliers and end-users to know which NVDB vulnerabilities were included in the scan.

ISASecure recommends end-users require their suppliers to re-run the VIT during factory acceptance testing (FAT) and site acceptance testing (SAT). These procurement steps ensure new vulnerabilities that may have been discovered and added to the US-CERT NVDB during the time interval between the ISASecure certification VIT scan date and commissioning date are identified.

Information about the US-CERT NVDB may be found on the United States NIST website at:

Information about the CWE categories may be found on the NIST website at:

Test Tools

The VIT Test tool we use in our program is listed below.

Tenable Network Security
World Headquarters
7021 Columbia Gateway Drive
Suite 50
Columbia, MD 21046

North America: +1 (410) 872-0555
LATAM: +1 (4403) 545-2278
EMEA Headquarters
8 The Square
Stockley Park, Uxbridge
Middlesex, UB11 1FW
United Kingdom

Phone: +44 (0) 203-178-4247
APAC Headquarters
600 North Bridge Road
#09-06 Parkview Square
Singapore 188778

Phone: +65-67186750

Interested in Learning More?

The ISASecure certifications are based on the ISA/IEC 62443 standards and are trusted worldwide. Learn all about them below.

Our Certifications