Is there any documentation anywhere on how VoIPs are scanned for vulnerabilities? Is this even possible with third-party solutions, like Nessus, or do we only have things like Cisco Common Services Platform Collector (CSPC) to collect relevant information? I know Nessus allows you to do compliance scans on other Cisco devices using audit files. However, there's literally nothing out there about scanning VoIPs.