Nessus provides options of doing automated compliance checks using the tool, apart from vulnerability scanning. Using this option, it can be cross-checked whether the secure configuration settings of the infrastructure such as servers, network devices, and databases are in compliance with the defined policy or best practices an organization is following. A compliance requirement is also derived from different compliance standards adhered to by an organization. This feature is available to professional feed subscribers.

The Policy Compliance plugin family is available for compliance check scanning. The plugin family includes, but is not limited to, servers, network devices, and standards such as PCI DSS. The Nessus Results tab also offers a Compliance option while saving the output to specifically generate a compliance report. These compliance checks can be modified by using the.audit files. Appropriate credentials of the underlying infrastructure on which a compliance audit is being performed need to be updated in the tool.