We already learned a great detail about Nessus policies in Chapter 2, Understanding Network Scanning Tools. For a quick recap, the Nessus scan policy consists of various settings and content, which is to be used while performing a Network Vulnerability Scan or Compliance Audit. This scan can be created by any Nessus user and can be made available for other users who can then also perform a scan. These policies can be duplicated, imported, and exported based on the user requirements. The only limitation of the policy export is that host-specific data such as Nessus audit files and credential details cannot be exported. These policies are available as part of the resources menu mentioned on the home screen once the user logs in to the Nessus web console:

When a user tries to create a new policy, Nessus provides preexisting scan templates, which can be used to create a new template by customizing the parameters of the scan template: